Description

Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.

Related CPE's

a

dell

replay_manager_for_vmware

Vulnerable

a

dell

storage_integration_tools_for_vmware

Vulnerable

a

dell

storage_vsphere_client_plugin

Vulnerable

References

https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-540

[email protected]

Secondary
CWE-668

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-16T16:15:11.217

1 year ago

Last modified

2023-11-03T19:00:17.957

1 year ago