CVE-2018-15765

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.
References
Link Resource
http://www.securityfocus.com/bid/105694 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041877 Third Party Advisory VDB Entry
https://seclists.org/fulldisclosure/2018/Oct/35 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/105694 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041877 Third Party Advisory VDB Entry
https://seclists.org/fulldisclosure/2018/Oct/35 Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:emc_secure_remote_services:*:*:*:*:virtual:*:*:*

History

21 Nov 2024, 03:51

Type Values Removed Values Added
CVSS v2 : 2.1
v3 : 5.5
v2 : 2.1
v3 : 3.4
References () http://www.securityfocus.com/bid/105694 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/105694 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1041877 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1041877 - Third Party Advisory, VDB Entry
References () https://seclists.org/fulldisclosure/2018/Oct/35 - Mailing List, Third Party Advisory () https://seclists.org/fulldisclosure/2018/Oct/35 - Mailing List, Third Party Advisory

Information

Published : 2018-10-18 22:29

Updated : 2024-11-21 03:51


NVD link : CVE-2018-15765

Mitre link : CVE-2018-15765

CVE.ORG link : CVE-2018-15765


JSON object : View

Products Affected

dell

  • emc_secure_remote_services
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor