Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-29489

Опубликовано: 05 янв. 2021
Источник: nvd
CVSS3: 6.4
CVSS3: 6.7
CVSS2: 4.6
EPSS Низкий

Описание

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*
Версия до 5.0.4.0.5.012 (исключая)
cpe:2.3:a:dell:emc_unity_vsa_operating_environment:*:*:*:*:*:*:*:*
Версия до 5.0.4.0.5.012 (исключая)
cpe:2.3:a:dell:emc_unity_xt_operating_environment:*:*:*:*:*:*:*:*
Версия до 5.0.4.0.5.012 (исключая)

EPSS

Процентиль: 4%
0.0002
Низкий

6.4 Medium

CVSS3

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-276
CWE-312

Связанные уязвимости

github логотип

GHSA-8xmx-4f3h-rv3w

github
больше 3 лет назад

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.

EPSS

Процентиль: 4%
0.0002
Низкий

6.4 Medium

CVSS3

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-276
CWE-312