CVE-2019-3741

Опубликовано: 18 июл. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 2.1

EPSS Низкий

Описание

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.

Ссылки

https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities
Broken Link
Vendor Advisory
https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities
Broken Link
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*

Версия до 5.0.0.0.5.116 (исключая)

cpe:2.3:a:dell:emc_unityvsa_operating_environment:*:*:*:*:*:*:*:*

Версия до 5.0.0.0.5.116 (исключая)

EPSS

Процентиль: 15%

0.00049

Низкий

7.8 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-693

Связанные уязвимости

GHSA-gccr-28w8-pgcj

github

больше 3 лет назад

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user?s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.