CVE-2020-26199

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 85.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unity Dell EMC Unity Operating Environment Dell EMC Unity VSA Operating Environment +1 more

Timeline

PublishedJan 5

Latest updateMay 24

Description

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages4 packages

▶NVDdell/emc_unity_vsa_operating_environment< 5.0.4.0.5.012

▶CVEListV5dell/unityunspecified — 5.0.4.0.5.012

▶NVDdell/emc_unity_operating_environment< 5.0.4.0.5.012

▶NVDdell/emc_unity_xt_operating_environment< 5.0.4.0.5.012

🔴Vulnerability Details

GHSA

GHSA-423p-ch83-27qw: Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5↗2022-05-24

▶

CVEList

CVE-2020-26199: Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5↗2021-01-05

▶