Test ID: | 1.3.6.1.4.1.25623.1.0.105241 |
Category: | Web application abuses |
Title: | EMC M&R (Watch4net) < 6.5u1 Multiple Vulnerabilities |
Summary: | EMC M&R (Watch4net) is prone to multiple vulnerabilities. |
Description: | Summary: EMC M&R (Watch4net) is prone to multiple vulnerabilities.

Vulnerability Insight: The following flaws exist:

- Credential Disclosure: It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.
- Directory Traversal: A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
- Arbitrary File Upload Vulnerability: An attacker may leverage this issue to upload arbitrary files to the affected computer. This can result in arbitrary code execution within the context of the vulnerable application.
- Multiple Cross Site Scripting Vulnerabilities: Multiple cross site scripting vulnerabilities were found in EMC M&R (Watch4net) Centralized Management Console, Web Portal and Alerting Frontend.

Vulnerability Impact: A remote attacker could exploit the traversal vulnerability using directory traversal characters ('../') to access arbitrary files that contain sensitive information. Information harvested may aid in launching further attacks.

An attacker may leverage the Arbitrary File Upload Vulnerability to upload arbitrary files to the affected computer. This can result in arbitrary code execution within the context of the vulnerable application.

An attacker may leverage the Cross Site Scripting Vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Affected Software/OS: EMC M&R (Watch4net) before 6.5u1.

Solution: Updates are available.

CVSS Score: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
Cross Reference: |

Common Vulnerability Exposure (CVE) ID: CVE-2015-0513
- BugTraq ID: 72259
- http://www.securityfocus.com/bid/72259
- Bugtraq: 20150120 ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities
- http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html
- http://www.securitytracker.com/id/1031567

Common Vulnerability Exposure (CVE) ID: CVE-2015-0515
- BugTraq ID: 72256
- http://www.securityfocus.com/bid/72256

Common Vulnerability Exposure (CVE) ID: CVE-2015-0516
- BugTraq ID: 72255
- http://www.securityfocus.com/bid/72255
- Bugtraq: 20150318 Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser
- http://www.securityfocus.com/archive/1/534929/100/0/threaded
- http://seclists.org/fulldisclosure/2015/Mar/116
- https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html |
Copyright | Copyright (C) 2015 Greenbone AG |