PT-2022-15525 · Dell · Powerstore
Published: 2022-06-02 · Updated: 2023-07-24 · CVE-2022-22557
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PowerStore versions 2.0.0.x through 2.0.1.x
Description
The issue is related to plain-text password storage in PowerStore X & T environments. A locally authenticated attacker could exploit this, leading to the disclosure of certain user credentials. The attacker may use the exposed credentials to access the vulnerable application with privileges of the compromised account.
Recommendations
For versions 2.0.0.x and 2.0.1.x, consider restricting access to sensitive areas of the application until a fix is available.
As a temporary workaround, avoid using plain-text password storage in PowerStore X & T environments.
Restrict privileges of compromised accounts to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Related Identifiers
Affected Products
Powerstore