Vulnerability CVE-2019-3741


Published: 2019-07-18

Description:
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user?s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.

Type:

CWE-693

(Protection Mechanism Failure)

Vendor: DELL
Product: Emc unity operating environment 
Version:
4.4.1.1539309879
4.4.0.1534750794
4.3.1.1525703027
4.2.3.9670635
4.2.2.9632250
4.2.1.9535982
4.2.0.9476662
4.2.0.9392909
4.1.2.9257522
4.1.1.9138882
4.1.0.9058043
4.1.0.8959731
4.1.0.8940590
4.0.2.8627717
4.0.1.8404134
4.0.1.8320161
4.0.1.8194551
4.0.0.7329527
Product: Emc unityvsa operating environment 
Version:
4.4.1.1539309879
4.4.0.1534750794
4.3.1.1525703027
4.2.3.9670635
4.2.2.9632250
4.2.1.9535982
4.2.0.9476662
4.2.0.9392909
4.1.2.9257522
4.1.1.9138882
4.1.0.9058043
4.1.0.8959731
4.1.0.8940590
4.0.2.8627717
4.0.1.8404134
4.0.1.8320161
4.0.1.8194551
4.0.0.7329527

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities

Related CVE
CVE-2019-3764
Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain...
CVE-2019-3745
The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an adm...
CVE-2019-3747
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud ...
CVE-2019-3746
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order ...
CVE-2019-3736
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted pass...
CVE-2019-3763
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 co...
CVE-2019-3761
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentia...
CVE-2019-3760
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vuln...

Copyright 2019, cxsecurity.com

 

Back to Top