PT-2022-18105 · Dell Emc · Dell Repository Manager

Published

2022-04-21

Updated

2022-05-03

CVE-2022-26856

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell EMC Repository Manager version 3.4.0

Description The issue concerns a plain-text password storage vulnerability. A local attacker could exploit this, potentially leading to the disclosure of certain user credentials. The exposed credentials may allow access to the vulnerable application's database with the privileges of the compromised account.

Recommendations For Dell EMC Repository Manager version 3.4.0, update to a version that addresses the plain-text password storage issue to prevent potential exploitation.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2022-26856

Affected Products

Dell Repository Manager

PT-2022-18105 · Dell Emc · Dell Repository Manager

CVE-2022-26856

Weakness Enumeration

Related Identifiers

Affected Products

References · 3