Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for ESRS Virtual Edition by DELL EMC

    CVE-2018-15765 (GCVE-0-2018-15765)

    Vulnerability from nvd – Published: 2018-10-18 22:00 – Updated: 2024-09-16 19:36
    VLAI
    Summary
    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.
    CWE
    • Information Exposure Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2018/Oct/35 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/105694 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041877 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    DELL EMC ESRS Virtual Edition Affected: unspecified , < 3.32.00.08 (custom)
    Create a notification for this product.
    Date Public
    2018-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.650Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
              },
              {
                "name": "105694",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105694"
              },
              {
                "name": "1041877",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041877"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESRS Virtual Edition",
              "vendor": "DELL EMC",
              "versions": [
                {
                  "lessThan": "3.32.00.08",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Exposure Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-24T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
            },
            {
              "name": "105694",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105694"
            },
            {
              "name": "1041877",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041877"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
              "ID": "CVE-2018-15765",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESRS Virtual Edition",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "3.32.00.08"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "DELL EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Exposure Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
                },
                {
                  "name": "105694",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105694"
                },
                {
                  "name": "1041877",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041877"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15765",
        "datePublished": "2018-10-18T22:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:36:30.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11080 (GCVE-0-2018-11080)

    Vulnerability from nvd – Published: 2018-10-18 22:00 – Updated: 2024-09-17 02:52
    VLAI
    Summary
    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges.
    CWE
    • Improper File Permissions Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2018/Oct/35 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/105694 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041877 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    DELL EMC ESRS Virtual Edition Affected: unspecified , < 3.32.00.08 (custom)
    Create a notification for this product.
    Date Public
    2018-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.558Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
              },
              {
                "name": "105694",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105694"
              },
              {
                "name": "1041877",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041877"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESRS Virtual Edition",
              "vendor": "DELL EMC",
              "versions": [
                {
                  "lessThan": "3.32.00.08",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper File Permissions Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-24T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
            },
            {
              "name": "105694",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105694"
            },
            {
              "name": "1041877",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041877"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
              "ID": "CVE-2018-11080",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESRS Virtual Edition",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "3.32.00.08"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "DELL EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper File Permissions Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
                },
                {
                  "name": "105694",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105694"
                },
                {
                  "name": "1041877",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041877"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11080",
        "datePublished": "2018-10-18T22:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:52:05.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11079 (GCVE-0-2018-11079)

    Vulnerability from nvd – Published: 2018-10-18 22:00 – Updated: 2024-09-17 01:26
    VLAI
    Summary
    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database.
    CWE
    • Plaintext Password Storage Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2018/Oct/35 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/105694 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041877 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    DELL EMC ESRS Virtual Edition Affected: unspecified , < 3.32.00.08 (custom)
    Create a notification for this product.
    Date Public
    2018-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
              },
              {
                "name": "105694",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105694"
              },
              {
                "name": "1041877",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041877"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESRS Virtual Edition",
              "vendor": "DELL EMC",
              "versions": [
                {
                  "lessThan": "3.32.00.08",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Plaintext Password Storage Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-24T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
            },
            {
              "name": "105694",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105694"
            },
            {
              "name": "1041877",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041877"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
              "ID": "CVE-2018-11079",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESRS Virtual Edition",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "3.32.00.08"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "DELL EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Plaintext Password Storage Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
                },
                {
                  "name": "105694",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105694"
                },
                {
                  "name": "1041877",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041877"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11079",
        "datePublished": "2018-10-18T22:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:26:15.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11079 (GCVE-0-2018-11079)

    Vulnerability from cvelistv5 – Published: 2018-10-18 22:00 – Updated: 2024-09-17 01:26
    VLAI
    Summary
    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database.
    CWE
    • Plaintext Password Storage Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2018/Oct/35 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/105694 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041877 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    DELL EMC ESRS Virtual Edition Affected: unspecified , < 3.32.00.08 (custom)
    Create a notification for this product.
    Date Public
    2018-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
              },
              {
                "name": "105694",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105694"
              },
              {
                "name": "1041877",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041877"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESRS Virtual Edition",
              "vendor": "DELL EMC",
              "versions": [
                {
                  "lessThan": "3.32.00.08",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Plaintext Password Storage Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-24T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
            },
            {
              "name": "105694",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105694"
            },
            {
              "name": "1041877",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041877"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
              "ID": "CVE-2018-11079",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESRS Virtual Edition",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "3.32.00.08"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "DELL EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Plaintext Password Storage Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
                },
                {
                  "name": "105694",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105694"
                },
                {
                  "name": "1041877",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041877"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11079",
        "datePublished": "2018-10-18T22:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:26:15.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15765 (GCVE-0-2018-15765)

    Vulnerability from cvelistv5 – Published: 2018-10-18 22:00 – Updated: 2024-09-16 19:36
    VLAI
    Summary
    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.
    CWE
    • Information Exposure Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2018/Oct/35 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/105694 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041877 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    DELL EMC ESRS Virtual Edition Affected: unspecified , < 3.32.00.08 (custom)
    Create a notification for this product.
    Date Public
    2018-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.650Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
              },
              {
                "name": "105694",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105694"
              },
              {
                "name": "1041877",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041877"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESRS Virtual Edition",
              "vendor": "DELL EMC",
              "versions": [
                {
                  "lessThan": "3.32.00.08",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Exposure Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-24T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
            },
            {
              "name": "105694",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105694"
            },
            {
              "name": "1041877",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041877"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
              "ID": "CVE-2018-15765",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESRS Virtual Edition",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "3.32.00.08"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "DELL EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Exposure Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
                },
                {
                  "name": "105694",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105694"
                },
                {
                  "name": "1041877",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041877"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15765",
        "datePublished": "2018-10-18T22:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:36:30.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11080 (GCVE-0-2018-11080)

    Vulnerability from cvelistv5 – Published: 2018-10-18 22:00 – Updated: 2024-09-17 02:52
    VLAI
    Summary
    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges.
    CWE
    • Improper File Permissions Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2018/Oct/35 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/105694 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041877 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    DELL EMC ESRS Virtual Edition Affected: unspecified , < 3.32.00.08 (custom)
    Create a notification for this product.
    Date Public
    2018-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.558Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
              },
              {
                "name": "105694",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105694"
              },
              {
                "name": "1041877",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041877"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESRS Virtual Edition",
              "vendor": "DELL EMC",
              "versions": [
                {
                  "lessThan": "3.32.00.08",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper File Permissions Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-24T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
            },
            {
              "name": "105694",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105694"
            },
            {
              "name": "1041877",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041877"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
              "ID": "CVE-2018-11080",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESRS Virtual Edition",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "3.32.00.08"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "DELL EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper File Permissions Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
                },
                {
                  "name": "105694",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105694"
                },
                {
                  "name": "1041877",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041877"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11080",
        "datePublished": "2018-10-18T22:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:52:05.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }