Описание
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.1:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.2:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:dell:emc_idpa_dp4400:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_idpa_dp5800:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_idpa_dp8300:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_idpa_dp8800:-:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00942
Низкий
9.8 Critical
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-307
CWE-307
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.
EPSS
Процентиль: 76%
0.00942
Низкий
9.8 Critical
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-307
CWE-307