Vulnerabilities > CVE-2015-0515 - Arbitrary File Upload vulnerability in EMC Vipr SRM and Watch4Net

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

emc

NVD

Published: 2015-01-21

Updated: 2017-01-03

Summary

Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>

Vulnerable Configurations

Part	Description	Count
Application	Emc EMC Watch4Net 6.0 EMC Watch4Net 6.1 EMC Watch4Net 6.2 EMC Watch4Net 6.3 EMC Watch4Net 6.5 EMC Vipr SRM 3.6.0	6

References

http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html
http://www.securityfocus.com/bid/72256
http://www.securitytracker.com/id/1031567