Auth bypass in Emc Cloud_tiering_appliance

CVE-2012-2285

EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the aut…

Vulnerability class: Broken Authentication

EPSS: 0.006 (71.2th percentile) — read the EPSS interpretation.

Affected products

Emc Cloud_tiering_appliance
Emc Cloud_tiering_appliance_virtual_edition
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

emc-cloud-gui-sec-bypass(78110) (vdb-entry, x_refsource_XF)
1027448 (vdb-entry, x_refsource_SECTRACK)
20120828 ESA-2012-034: EMC Cloud Tiering Appliance (CTA) Authentication Bypass Vulnerability (mailing-list, x_refsource_BUGTRAQ)
85050 (x_refsource_OSVDB, vdb-entry)
50393 (x_refsource_SECUNIA, third-party-advisory)