CVE-2018-1241

EUVD-2018-11874
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
emcrecoverpoint
𝑥
< 5.1.2
emcrecoverpoint_for_virtual_machines
𝑥
< 5.1.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2018/May/61
http://www.securityfocus.com/bid/104246
http://seclists.org/fulldisclosure/2018/May/61
http://www.securityfocus.com/bid/104246