CVE-2016-6648

{"id": "CVE-2016-6648", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2017-02-03T07:59:00.263", "references": [{"url": "http://www.securityfocus.com/archive/1/540058/30/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/95821", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1037727", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-275"}]}], "descriptions": [{"lang": "en", "value": "EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system."}, {"lang": "es", "value": "Las versiones de EMC RecoverPoint anteriores a 4.4.1.1 y las versiones de EMC RecoverPoint for Virtual Machines anteriores a 5.0 se ven afectadas por la vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n sensible como resultado de permisos incorrectos establecidos en un archivo de sistema sensible. Un administrador malicioso con privilegios de configuraci\u00f3n puede tener acceso a este archivo del sistema sensible y comprometer el sistema afectado."}], "lastModified": "2017-03-08T01:10:53.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:recoverpoint:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBC82D11-58B7-4240-8D63-70B5A8C0E11A", "versionEndIncluding": "4.4.1.0"}, {"criteria": "cpe:2.3:a:emc:recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21147BAA-B472-4237-AEDF-AD59EE22EE03", "versionEndIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}