Test ID: 1.3.6.1.4.1.25623.1.0.105241
Category: Web application abuses
Title: EMC M&R (Watch4net) < 6.5u1 Multiple Vulnerabilities
Summary: EMC M&R (Watch4net) is prone to multiple vulnerabilities.

Description:

Summary: EMC M&R (Watch4net) is prone to multiple vulnerabilities.

Vulnerability Insight: The following flaws exist:

- Credential Disclosure: It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.
- Directory Traversal: A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
- Arbitrary File Upload Vulnerability: An attacker may leverage this issue to upload arbitrary files to the affected computer. This can result in arbitrary code execution within the context of the vulnerable application.
- Multiple Cross Site Scripting Vulnerabilities: Multiple cross site scripting vulnerabilities were found in EMC M&R (Watch4net) Centralized Management Console, Web Portal and Alerting Frontend.

Vulnerability Impact: A remote attacker could exploit the traversal vulnerability using directory traversal characters ('../') to access arbitrary files that contain sensitive information. Information harvested may aid in launching further attacks.

An attacker may leverage the Arbitrary File Upload Vulnerability to upload arbitrary files to the affected computer. This can result in arbitrary code execution within the context of the vulnerable application.

An attacker may leverage the Cross Site Scripting Vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Affected Software/OS: EMC M&R (Watch4net) before 6.5u1.

Solution: Updates are available.

CVSS Score: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2015-0513
- BugTraq ID: 72259
- http://www.securityfocus.com/bid/72259
- Bugtraq: 20150120 ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities
- http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html
- http://www.securitytracker.com/id/1031567

Common Vulnerability Exposure (CVE) ID: CVE-2015-0515
- BugTraq ID: 72256
- http://www.securityfocus.com/bid/72256

Common Vulnerability Exposure (CVE) ID: CVE-2015-0516
- BugTraq ID: 72255
- http://www.securityfocus.com/bid/72255
- Bugtraq: 20150318 Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser
- http://www.securityfocus.com/archive/1/534929/100/0/threaded
- http://seclists.org/fulldisclosure/2015/Mar/116
- https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html

Copyright: Copyright (C) 2015 Greenbone AG