PT-2017-18067 · EMC · EMC Data Protection Advisor

Rgod · Published 2017-09-15 · Updated 2018-04-13 · CVE-2017-8013

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

EMC Data Protection Advisor versions 6.3.x through 6.4.x before patch 130
EMC Data Protection Advisor versions 6.3.x before patch 67

Description

The issue concerns undocumented accounts with hard-coded passwords and various privileges. The affected accounts are "Apollo System Test", emc.dpa.agent.logon, and emc.dpa.metrics.logon. An attacker who knows the password could use these accounts through the REST APIs to gain unauthorized access, potentially including administrative privileges.

Recommendations

For EMC Data Protection Advisor versions 6.3.x before patch 67, apply patch 67 to resolve the issue. For EMC Data Protection Advisor versions 6.4.x before patch 130, apply patch 130 to resolve the issue. As a temporary workaround, restrict access to the REST APIs until the patch is applied.

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

CVE-2017-8013
ZDI-17-811

Affected Products

EMC Data Protection Advisor