CVE-2020-29489
Severity CVSS v4.0:
Pending analysis
Type:
CWE-312
Cleartext Storage of Sensitive Information
Publication date:
05/01/2021
Last modified:
12/01/2021
Description
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.
Impact
Base Score 3.x
6.70
Severity 3.x
MEDIUM
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:* | 5.0.4.0.5.012 (excluding) | |
cpe:2.3:a:dell:emc_unity_vsa_operating_environment:*:*:*:*:*:*:*:* | 5.0.4.0.5.012 (excluding) | |
cpe:2.3:a:dell:emc_unity_xt_operating_environment:*:*:*:*:*:*:*:* | 5.0.4.0.5.012 (excluding) |
To consult the complete list of CPE names with products and versions, see this page