CVE-2021-43590

Published: Mar 4, 2022Modified: Nov 21, 2024

6.0

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploitability: 0.8 / Impact: 5.2

Source: NVD

Description

Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Affected (1)

Products: Dell: Enterprise Storage Analytics

1 product

Enterprise Storage Analytics

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Enterprise Storage Analytics	From 4.0.1 to 6.2.1

Related CWEs

Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://www.dell.com/support/kbdoc/en-us/000196329/dsa-2021

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/en-us/000196329/dsa-2021

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.