Vulnerability Description
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Unity Operating Environment | < 5.0.0.0.5.116 |
| Dell | Emc Unityvsa Operating Environment | < 5.0.0.0.5.116 |
Related Weaknesses (CWE)
References
- https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/detaiBroken LinkVendor Advisory
- https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/detaiBroken LinkVendor Advisory
FAQ
What is CVE-2019-3741?
CVE-2019-3741 is a vulnerability with a CVSS score of 7.8 (HIGH). Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain t...
How severe is CVE-2019-3741?
CVE-2019-3741 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-3741?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Unity Operating Environment, Dell Emc Unityvsa Operating Environment.