CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-8013

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://seclists.org/fulldisclosure/2017/Sep/36
http://www.securityfocus.com/bid/100846
http://www.securitytracker.com/id/1039370
http://seclists.org/fulldisclosure/2017/Sep/36
http://www.securityfocus.com/bid/100846
http://www.securitytracker.com/id/1039370

Products affected by CVE-2017-8013

Emc » Data Protection Advisor » Version: 6.3.0

cpe:2.3:a:emc:data_protection_advisor:6.3.0
Emc » Data Protection Advisor » Version: 6.4.0

cpe:2.3:a:emc:data_protection_advisor:6.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-8013

Products

Pricing

Contact Us