CVE-2020-29489

Severity CVSS v4.0:
Pending analysis
Type:
CWE-312 Cleartext Storage of Sensitive Information
Publication date:
05/01/2021
Last modified:
12/01/2021

Description

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:* 5.0.4.0.5.012 (excluding)
cpe:2.3:a:dell:emc_unity_vsa_operating_environment:*:*:*:*:*:*:*:* 5.0.4.0.5.012 (excluding)
cpe:2.3:a:dell:emc_unity_xt_operating_environment:*:*:*:*:*:*:*:* 5.0.4.0.5.012 (excluding)


References to Advisories, Solutions, and Tools