PT-2016-7018 · Emc · Emc Unisphere For Vmax Virtual Appliance+1

Published

2016-10-05

Updated

2021-08-05

CVE-2016-6645

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EMC Unisphere for VMAX Virtual Appliance versions 8.0 through 8.2 Solutions Enabler Virtual Appliance versions 8.0 through 8.2

Description The issue allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. This is a problem with the vApp Managers web application.

Recommendations For EMC Unisphere for VMAX Virtual Appliance versions 8.0 through 8.2, update to version 8.3.0 or later. For Solutions Enabler Virtual Appliance versions 8.0 through 8.2, update to version 8.3.0 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2016-6645

Affected Products

Emc Unisphere For Vmax Virtual Appliance

Solutions Enabler Virtual Appliance

PT-2016-7018 · Emc · Emc Unisphere For Vmax Virtual Appliance+1

CVE-2016-6645

Weakness Enumeration

Related Identifiers

Affected Products

References · 6