Information Disclosure in Dell EMC RecoverPoint Versions
CVE-2018-1241

8.8HIGH

Key Information:

Vendor: Dell
Status: Dell Emc Recoverpoint; Dell Emc Recoverpoint Virtual Machine (vm)
Vendor: CVE Published:; 29 May 2018

Summary

An information disclosure vulnerability exists in Dell EMC RecoverPoint that allows an authenticated malicious user to access sensitive LDAP credentials in plain-text format from log files. This may lead to unauthorized access and potential further attacks, particularly if proper security measures are not in place. Affected users should upgrade to RecoverPoint version 5.1.2 or later, or RecoverPoint for VMs version 5.1.1.3 or later to mitigate this issue.

Affected Version(s)

Dell EMC RecoverPoint < 5.1.2

Dell EMC RecoverPoint Virtual Machine (VM) < 5.1.1.3

References

http://seclists.org/fulldisclosure/2018/May/61

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/104246

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 29, 2018
Vulnerability Reserved
Dec 6, 2017