CVE-2017-7284

Name: CVE-2017-7284
Creator: NVD / NIST
Published: 2017-04-12T22:59:00.867+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.66%

Last modified Jun 17, 2026

CVE-2017-7284 is a vulnerability of currently unknown severity. An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.. EPSS estimates a 2.66% chance of exploitation in the next 30 days.

Description

An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.

Metrics

EPSS Probability

2.66%

83.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-287

Affected Software

Vendor	Product	Versions
Unitrends	Enterprise Backup	<= 9.1.1

References

https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/Exploit, Third Party Advisory
https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/Exploit, Third Party Advisory

Timeline

Published: Apr 12, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-7284?

How severe is CVE-2017-7284?

Severity scoring for CVE-2017-7284 is pending analysis. The EPSS model estimates a 2.66% probability of exploitation in the next 30 days.

How do I fix CVE-2017-7284?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-7284?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST