Dell EMC Unity and UnityVSA versions... CVE-2019-3741

2.1 AV AC AU C I A
发布: 2019-01-03
修订: 2020-11-26

Dell EMC Unity and UnityVSA versions prior to contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.