High severity7.5NVD Advisory· Published Aug 4, 2017· Updated May 13, 2026

CVE-2017-10949

Description

Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.

Affected products

Dell/Storage Manager 2016
cpe:2.3:a:dell:storage_manager_2016:r2.1:*:*:*:*:*:*:*
Zero Day Initiative/Dell Storage Managerv5
Range: 2016 R2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

topics-cdn.dell.com/pdf/dell-compellent-sc8000_release%20notes24_en-us.pdfnvdRelease NotesVendor Advisory
www.securityfocus.com/bid/100138nvdThird Party AdvisoryVDB Entry
www.zerodayinitiative.com/advisories/ZDI-17-523nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.014
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000