PT-2021-12388 · Dell EMC · Dell Repository Manager

Published: 2021-07-19 · Updated: 2021-08-02 · CVE-2020-5315

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell EMC Repository Manager (DRM) version 3.2

Description

The issue concerns a plain-text password storage vulnerability. Specifically, the proxy server user password is stored in plain text in a local database. A local authenticated malicious user with access to the local file system may exploit the exposed password to gain access with the privileges of the compromised user.

Recommendations

For Dell EMC Repository Manager (DRM) version 3.2, consider restricting access to the local file system to minimize the risk of exploitation. As a temporary workaround, limit the privileges of users who have access to the local database to reduce potential damage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2020-5315

Affected Products

Dell Repository Manager