Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0514

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-0514
Last Modified 28 Sep 2015 08:34:11
Published 21 Jan 2015 10:17:12
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0514

Summary

EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.

Vulnerable Systems

Application

  • Emc Vipr Srm 3.6.0

  • Emc Watch4net 6.5


References

BUGTRAQ - 20150120 ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities

MISC - https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html

BUGTRAQ - 20150318 EMC M&R (Watch4net) data storage collector credentials are not properly protected

MISC - http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html


Last Updated: 27 May 2016 11:08:12