CVE-2022-26856

Published: Apr 21, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account.

Affected (1)

Products: Dell: Emc Repository Manager

1 product

Emc Repository Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Repository Manager	Version 3.4.0

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.dell.com/support/kbdoc/000197797

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/000197797

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.