First published: Wed Oct 05 2016(Updated: )
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
EMC Unisphere | =8.0 | |
EMC Unisphere | =8.1 | |
EMC Unisphere | =8.1.2 | |
EMC Unisphere | =8.2 | |
Dell Solutions Enabler | =8.0 | |
Dell Solutions Enabler | =8.0.3 | |
Dell Solutions Enabler | =8.1 | |
Dell Solutions Enabler | =8.1.2 | |
Dell Solutions Enabler | =8.2 | |
EMC Unisphere | =8.0.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-6645 is classified as a high severity vulnerability that allows remote authenticated users to execute arbitrary code.
To remediate CVE-2016-6645, upgrade to EMC Unisphere for VMAX Virtual Appliance and Solutions Enabler Virtual Appliance version 8.3.0 or later.
CVE-2016-6645 affects versions 8.0, 8.1, 8.2 of EMC Unisphere and versions 8.0, 8.1, 8.2 of EMC Solutions Enabler.
Yes, CVE-2016-6645 can be exploited remotely by authenticated users who provide crafted input to specific requests.
The impact of CVE-2016-6645 includes the potential for unauthorized access and execution of arbitrary code in affected systems.