| Vulnerability Name: | CVE-2017-8001 (CCN-135155) | ||||||||||||
| Assigned: | 2017-11-20 | ||||||||||||
| Published: | 2017-11-20 | ||||||||||||
| Updated: | 2019-11-14 | ||||||||||||
| Summary: | An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. | ||||||||||||
| CVSS v3 Severity: | 8.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 7.3 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-532 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-8001 Source: CCN Type: EMC Security Advisory ESA-2017-094 EMC ScaleIO Multiple Vulnerabilities Source: CONFIRM Type: Mailing List, Third Party Advisory http://seclists.org/fulldisclosure/2017/Nov/35 Source: CCN Type: EMC Web site EMC ScaleIO Source: BID Type: Third Party Advisory, VDB Entry 101997 Source: CCN Type: BID-101997 EMC ScaleIO CVE-2017-8001 Local Information Disclosure Vulnerability Source: XF Type: UNKNOWN emc-cve20178001-info-disc(135155) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||