CVE-2016-0912 — Dell EMC Data Domain OS vulnerability

CWE-2643 documents3 sources

Severity

9.8CRITICALNVD

EPSS

1.1%

top 21.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell EMC Data Domain OS

Timeline

PublishedJun 19

Latest updateMay 13

Description

EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDdell/emc_data_domain_os5.7.1.0

🔴Vulnerability Details

GHSA

GHSA-62j7-m32f-g9j9: EMC Data Domain OS 5↗2022-05-13

▶

CVEList

CVE-2016-0912: EMC Data Domain OS 5↗2016-06-19

▶