{"api_version":"1","generated_at":"2026-04-23T08:39:30+00:00","cve":"CVE-2016-6646","urls":{"html":"https://cve.report/CVE-2016-6646","api":"https://cve.report/api/cve/CVE-2016-6646.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-6646","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-6646"},"summary":{"title":"CVE-2016-6646","description":"The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class.","state":"PUBLIC","assigner":"security_alert@emc.com","published_at":"2016-10-05 01:59:00","updated_at":"2021-08-05 14:46:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/93343","name":"93343","refsource":"BID","tags":[],"title":"Dell EMC vApp Manager Multiple Arbitrary Command Execution Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://seclists.org/bugtraq/2016/Oct/7","name":"20161004 ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities","refsource":"BUGTRAQ","tags":["Third Party Advisory"],"title":"Bugtraq: ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1036941","name":"1036941","refsource":"SECTRACK","tags":[],"title":"EMC Unisphere for VMAX Input Validation Flaws in vApp Manager Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-6646","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6646","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dell","cpe5":"emc_unisphere","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dell","cpe5":"emc_unisphere","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dell","cpe5":"emc_unisphere","cpe6":"8.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dell","cpe5":"emc_unisphere","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"solutions_enabler","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"solutions_enabler","cpe6":"8.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"solutions_enabler","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"solutions_enabler","cpe6":"8.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"solutions_enabler","cpe6":"8.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"solutions_enabler","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"solutions_enabler","cpe6":"8.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"solutions_enabler","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"solutions_enabler","cpe6":"8.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"solutions_enabler","cpe6":"8.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"unisphere","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"unisphere","cpe6":"8.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"unisphere","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"unisphere","cpe6":"8.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"unisphere","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"unisphere","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"unisphere","cpe6":"8.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"unisphere","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"unisphere","cpe6":"8.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6646","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"unisphere","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmax","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security_alert@emc.com","ID":"CVE-2016-6646","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20161004 ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities","refsource":"BUGTRAQ","url":"http://seclists.org/bugtraq/2016/Oct/7"},{"name":"1036941","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1036941"},{"name":"93343","refsource":"BID","url":"http://www.securityfocus.com/bid/93343"}]}},"nvd":{"publishedDate":"2016-10-05 01:59:00","lastModifiedDate":"2021-08-05 14:46:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:unisphere:8.0.3:*:*:*:*:vmax:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:solutions_enabler:8.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:solutions_enabler:8.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:solutions_enabler:8.0.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:solutions_enabler:8.1.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:solutions_enabler:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dell:emc_unisphere:8.1:*:*:*:*:vmax:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dell:emc_unisphere:8.0:*:*:*:*:vmax:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dell:emc_unisphere:8.2:*:*:*:*:vmax:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dell:emc_unisphere:8.1.2:*:*:*:*:vmax:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"6646","Ordinal":"92951","Title":"CVE-2016-6646","CVE":"CVE-2016-6646","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"6646","Ordinal":"1","NoteData":"The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"6646","Ordinal":"2","NoteData":"2016-10-04","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"6646","Ordinal":"3","NoteData":"2017-07-29","Type":"Other","Title":"Modified"}]}}}