CVE-2014-4620

Name of the Vulnerable Software and Affected Versions EMC NetWorker Module for MEDITECH (aka NMMEDI) versions 3.0 build 87 through 3.0 build 90

Description The issue allows local users to obtain sensitive information by reading log files. Specifically, when EMC RecoverPoint and Plink are used, cleartext RecoverPoint Appliance credentials are stored in nsrmedisv.raw log files.

Recommendations For versions 3.0 build 87 through 3.0 build 90, consider restricting access to the nsrmedisv.raw log files to minimize the risk of exploitation. Additionally, as a temporary workaround, avoid using EMC RecoverPoint and Plink together until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.