Description

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Related CPE's

a

dell

emc_unity_operating_environment

Vulnerable

a

dell

emc_unity_xt_operating_environment

Vulnerable

a

dell

emc_unityvsa_operating_environment

Vulnerable

References

https://www.dell.com/support/kbdoc/000189204

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-522

[email protected]

Secondary
CWE-200

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-07-12T16:15:08.763

3 years ago

Last modified

2022-10-24T20:14:48.707

2 years ago