PT-2013-4274 · Emc · Vplex

Published

2013-10-01

Updated

2013-10-02

CVE-2013-3278

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions EMC VPLEX versions prior to VPLEX GeoSynchrony 5.2 SP1

Description The issue allows local users to obtain sensitive information by reading the management-server configuration file, as the LDAP/AD bind password is stored in cleartext.

Recommendations For versions prior to VPLEX GeoSynchrony 5.2 SP1, update to VPLEX GeoSynchrony 5.2 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the management-server configuration file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2013-3278

Affected Products

Vplex

PT-2013-4274 · Emc · Vplex

CVE-2013-3278

Weakness Enumeration

Related Identifiers

Affected Products

References · 2