CVE-2022-26856

Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account.

CVSS v3 8.2 HIGH
CVSS v2.0 2.1 LOW

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.dell.com/support/kbdoc/000197797	Vendor Advisory
https://www.dell.com/support/kbdoc/000197797	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:emc_repository_manager:3.4.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:54

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/000197797 - Vendor Advisory~~	() https://www.dell.com/support/kbdoc/000197797 - Vendor Advisory
CVSS	v2 : ~~2.1~~ v3 : ~~7.8~~	v2 : 2.1 v3 : 8.2

Information

Published : 2022-04-21 21:15

Updated : 2024-11-21 06:54

NVD link : CVE-2022-26856

Mitre link : CVE-2022-26856

CVE.ORG link : CVE-2022-26856

JSON object : View

Products Affected

dell

emc_repository_manager

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2022-26856", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-04-21T21:15:07.940", "references": [{"url": "https://www.dell.com/support/kbdoc/000197797", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/000197797", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-522"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account."}, {"lang": "es", "value": "Dell EMC Repository Manager versi\u00f3n 3.4.0, contiene una vulnerabilidad en el almacenamiento de contrase\u00f1as de texto plano. Un atacante local podr\u00eda explotar esta vulnerabilidad, conllevando a una divulgaci\u00f3n de determinadas credenciales de usuario. El atacante podr\u00eda usar las credenciales expuestas para acceder a la base de datos de la aplicaci\u00f3n vulnerable con los privilegios de la cuenta comprometida"}], "lastModified": "2024-11-21T06:54:39.263", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_repository_manager:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B997C1EE-40A4-4B20-B97E-9548B23EB96C"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}