3Par Service Provider
CVE-2018-7098
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal.
AnalysisAI
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal. Affected products include: Hp 3Par Service Provider.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in 3Par Service Provider
View allA security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). Rated critical sev
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). Rated critical sev
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). Rated high severit
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). Rated medium sever
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). Rated medium sever
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today