CVE-2013-3287

EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-10/0155.html
http://www.securityfocus.com/bid/63425

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:emc_unisphere::::::vmax::*
	cpe:2.3:a:dell:emc_unisphere:1.0:::::vmax::
	cpe:2.3:a:dell:emc_unisphere:1.1:::::vmax::
	cpe:2.3:a:dell:emc_unisphere:1.5:::::vmax::

History

05 Aug 2021, 14:46

Type	Values Removed	Values Added
CPE	cpe:2.3:a:emc:unisphere:1.0:-::::vmax::* cpe:2.3:a:emc:unisphere:1.1:-::::vmax::* cpe:2.3:a:emc:unisphere::-::::vmax:: cpe:2.3:a:emc:unisphere:1.5:-::::vmax::*	cpe:2.3:a:dell:emc_unisphere::::::vmax::* cpe:2.3:a:dell:emc_unisphere:1.0:::::vmax:: cpe:2.3:a:dell:emc_unisphere:1.5:::::vmax:: cpe:2.3:a:dell:emc_unisphere:1.1:::::vmax::

Information

Published : 2013-11-02 19:55

Updated : 2023-12-10 11:16

NVD link : CVE-2013-3287

Mitre link : CVE-2013-3287

CVE.ORG link : CVE-2013-3287

JSON object : View

Products Affected

dell

emc_unisphere

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2013-3287", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-11-02T19:55:04.493", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0155.html", "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/63425", "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console."}, {"lang": "es", "value": "EMC Unisphere para VMAX anterior a 1.6.1.6, cuando se utiliza un nivel no especificado del registro de depuraci\u00f3n en las configuraciones de LDAP, permite a los usuarios locales descubrir la contrase\u00f1a LDAP bind sin cifrar mediante la lectura de la consola."}], "lastModified": "2021-08-05T14:46:01.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_unisphere:*:*:*:*:*:vmax:*:*", "vulnerable": true, "matchCriteriaId": "1F147989-66CD-4BAE-B0BA-D2144376D7D1", "versionEndIncluding": "1.6"}, {"criteria": "cpe:2.3:a:dell:emc_unisphere:1.0:*:*:*:*:vmax:*:*", "vulnerable": true, "matchCriteriaId": "A0A8A0CA-0760-4751-AB8F-DE9B472CA0E7"}, {"criteria": "cpe:2.3:a:dell:emc_unisphere:1.1:*:*:*:*:vmax:*:*", "vulnerable": true, "matchCriteriaId": "69255668-4966-4BBD-91EC-BFFE800D6F5A"}, {"criteria": "cpe:2.3:a:dell:emc_unisphere:1.5:*:*:*:*:vmax:*:*", "vulnerable": true, "matchCriteriaId": "4BCFCC0D-F6E5-4FF8-A513-DF5192B98675"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}