Описание
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.3.0 (исключая)
cpe:2.3:a:dell:xtremio_management_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.00119
Низкий
6.7 Medium
CVSS3
6.7 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-532
CWE-532
Связанные уязвимости
github
больше 3 лет назад
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user.
EPSS
Процентиль: 31%
0.00119
Низкий
6.7 Medium
CVSS3
6.7 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-532
CWE-532