CVE-2020-5374
14.07.2020, 20:15
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices.Enginsight
Vendor | Product | Version |
---|---|---|
dell | emc_omimssc_for_sccm | 𝑥 < 7.2.1 |
dell | emc_omimssc_for_scvmm | 𝑥 < 7.2.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-256 - Plaintext Storage of a PasswordStoring a password in plaintext may result in a system compromise.
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
References