CVE-2017-8001

Опубликовано: 28 нояб. 2017

Источник: nvd

CVSS3: 8.4

CVSS2: 2.1

EPSS Низкий

Описание

An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials.

Ссылки

http://seclists.org/fulldisclosure/2017/Nov/35
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/101997
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Nov/35
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/101997
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:dell:emc_scaleio:2.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_scaleio:2.0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_scaleio:2.0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_scaleio:2.0.1.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00081

Низкий

8.4 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-532

Связанные уязвимости

GHSA-xpjw-f7rh-9w56