Vulnerability CVE-2016-6648

Vulnerability CVE-2016-6648

Published: 2017-02-03

Description:

EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system.

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
2.1/10	2.9/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
EMC -> Recoverpoint for virtual machines
EMC -> Recoverpoint

References:

http://www.securityfocus.com/archive/1/540058/30/0/threaded

http://www.securityfocus.com/bid/95821

http://www.securitytracker.com/id/1037727

Copyright 2024, cxsecurity.com