Data Protection Advisor
CVE-2012-4616
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:P/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:P/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors.
AnalysisAI
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors. Affected products include: Emc Data Protection Advisor.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Data Protection Advisor
View allThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection
The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows re
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote att
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. Rated high severity (CVS
Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to
Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. Rated medium
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. Rated medium severity (CVSS 4.9), this
Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today