PatchSiren cyber security CVE debrief

CVE-2016-0890 Emc CVE debrief

CVE-2016-0890 affects EMC PowerPath Virtual (Management) Appliance 2.0 and 2.0 SP1. The published record describes a sensitive information disclosure issue that could potentially be used by a malicious user to compromise the affected system. NVD classifies the weakness as CWE-200 and rates the issue medium severity with network access, low privileges, no user interaction, and high attack complexity.

Vendor: Emc
Product: CVE-2016-0890
CVSS: MEDIUM 6.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-03
Original CVE updated: 2026-05-13
Advisory published: 2017-02-03
Advisory updated: 2026-05-13

Who should care

Administrators, security teams, and incident responders responsible for EMC PowerPath Virtual (Management) Appliance 2.0 or 2.0 SP1 should care most. If the management appliance is reachable from untrusted networks or broadly accessible inside the environment, this issue deserves attention.

Technical summary

The NVD entry maps CVE-2016-0890 to two vulnerable CPEs: EMC PowerPath Virtual Appliance 2.0 and 2.0 SP1. The CVSS v3.0 vector is AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L, indicating network-exploitable conditions with low privileges but high attack complexity. The primary weakness is CWE-200, meaning the flaw can expose sensitive information and may have downstream impact beyond confidentiality.

Defensive priority

Medium. Prioritize affected appliances that are exposed to broader internal networks or that store or broker management data, because the vulnerability is network reachable and can leak sensitive information.

Recommended defensive actions

Confirm whether any deployed EMC PowerPath Virtual (Management) Appliance instances are running version 2.0 or 2.0 SP1.
Review the linked NVD and vendor references for the official mitigation guidance and any fix or workaround provided by the vendor.
Restrict network access to the appliance management interface to trusted administrative sources only.
Monitor for unexpected access to the appliance and for unusual data exposure or administrative activity.
If the appliance is no longer required, remove or isolate it to reduce exposure until an approved remediation path is available.

Evidence notes

The description, affected versions, and severity context come from the supplied NVD-derived record for CVE-2016-0890. The record lists two vulnerable CPEs: cpe:2.3:a:emc:powerpath_virtual_appliance:2.0 and cpe:2.3:a:emc:powerpath_virtual_appliance:2.0:sp1. NVD also supplies CVSS v3.0 vector CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L and weakness CWE-200. No exploit details or remediation specifics were included in the supplied corpus beyond the reference links.

Official resources

CVE-2016-0890 CVE record
CVE.org
CVE-2016-0890 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Mitigation, Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry

The CVE record was published on 2017-02-03 and later modified in NVD on 2026-05-13. The supplied source corpus does not include a vendor fix bulletin, so public disclosure context is limited to the CVE/NVD record and referenced advisories.