DSA-2022-076: Dell EMC Repository Manager Security Update for a Plain-Text Password Storage Vulnerability
Samenvatting: Dell EMC Repository Manager remediation is available for a plain-text password storage vulnerability that could be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
High
Gegevens
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-26856 | Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account. | 8.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-26856 | Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account. | 8.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
Getroffen producten en herstel
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-26856 | Dell EMC Repository Manager |
3.4 |
3.4.1 | Link to update |
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-26856 | Dell EMC Repository Manager |
3.4 |
3.4.1 | Link to update |
Tijdelijke oplossingen en risicobeperking
For Dell EMC Repository Manager (DRM) version 3.4, an Admin user can change the database password to a new password as a workaround for CVE-2022-26856. For workaround to be effective, Admin must change the initial database password that was created at installation or update. Dell recommends making this password different from the initial password created for the database.
Revisiegeschiedenis
| Revision | Date | Description |
| 1.0 | 2022-04-04 | Initial Release |
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
Product Security Information, Dell EMC Repository Manager - Current VersionsArtikeleigenschappen
Artikelnummer: 000197797
Artikeltype: Dell Security Advisory
Laatst aangepast: 04 apr. 2022
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.