CVE-2021-43590

EPSS 0.02%
Veröffentlicht 04.03.2022 21:15:09
Zuletzt bearbeitet 21.11.2024 06:29:30
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Enterprise Storage Analytics SwPlatformvrealize_operations Version >= 4.0.1 <= 6.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.038

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:P/I:P/A:N
security_alert@emc.com	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-256 Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://www.dell.com/support/kbdoc/en-us/000196329/dsa-2021

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-43590

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-43590

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-43590

EUVD