CVE-2018-1241

8.8HIGH

Key Information:

Vendor: Dell
Status: Dell Emc Recoverpoint; Dell Emc Recoverpoint Virtual Machine (vm)
Vendor: CVE Published:; 29 May 2018

Summary

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.

Affected Version(s)

Dell EMC RecoverPoint < 5.1.2

Dell EMC RecoverPoint Virtual Machine (VM) < 5.1.1.3

References

http://seclists.org/fulldisclosure/2018/May/61

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/104246

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 29, 2018
Vulnerability Reserved
Dec 6, 2017