Vulnerability Details : CVE-2018-1241
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.
Products affected by CVE-2018-1241
- cpe:2.3:a:emc:recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*
- cpe:2.3:a:emc:recoverpoint:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1241
- 0.09%: Probability of exploitation activity in the next 30 days
- ~39%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1241
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2018-1241
- Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Assigned by:
- nvd@nist.gov (Primary)
- security_alert@emc.com (Secondary)
References for CVE-2018-1241
- http://www.securityfocus.com/bid/104246
  Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- http://seclists.org/fulldisclosure/2018/May/61
  Full Disclosure: DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities (Mailing List; Third Party Advisory)