CVE-2018-1215

Name of the Vulnerable Software and Affected Versions Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18 Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21 Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514 Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4

Description An arbitrary file upload issue was discovered, allowing a remote authenticated malicious user to upload arbitrary maliciously crafted files in any location on the web server. This could potentially be exploited by chaining with another issue, allowing an attacker to use a default account.

Recommendations For Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, update to version 8.4.0.18 or later. For Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, update to version 8.4.0.21 or later. For Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, update to version 8.4.0.514 or later. For Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4, update to a version later than 1.4.