Information Exposure in Dell EMC Secure Remote Services
CVE-2018-15765

3.4LOW

Key Information:

Vendor
Dell
Status
Esrs Virtual Edition
Vendor
CVE Published:
18 October 2018

Summary

Dell EMC Secure Remote Services prior to version 3.32.00.08 exposes sensitive data in its log files, including executed commands used to generate authentication tokens. This exposure could allow an attacker to misuse this information to create malicious authentication tokens, potentially leading to unauthorized access and further attacks on the application. Organizations using affected versions are encouraged to update to mitigate the risks associated with this vulnerability.

Affected Version(s)

ESRS Virtual Edition < 3.32.00.08

References

https://seclists.org/fulldisclosure/2018/Oct/35
mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/bid/105694
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041877
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
3.4
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.