CVE-2017-8011

Name of the Vulnerable Software and Affected Versions EMC ViPR SRM versions prior to 4.1 EMC Storage M&R versions prior to 4.1 EMC VNX M&R all versions EMC M&R (Watch4Net) for SAS Solution Packs all versions

Description The issue concerns undocumented accounts with default passwords for Webservice Gateway and RMI JMX components in certain EMC products. A remote attacker with knowledge of the default password may use these accounts to run arbitrary web service and remote procedure calls on the affected system. This could potentially allow an attacker to exploit the vulnerability and gain unauthorized access to the system.

Recommendations For EMC ViPR SRM versions prior to 4.1, update to version 4.1 or later to resolve the issue. For EMC Storage M&R versions prior to 4.1, update to version 4.1 or later to resolve the issue. For EMC VNX M&R, consider disabling the Webservice Gateway and RMI JMX components until a patch is available. For EMC M&R (Watch4Net) for SAS Solution Packs, restrict access to the default accounts to minimize the risk of exploitation.