cvelistv5 - cve-2018-15765

CVE-2018-15765 (GCVE-0-2018-15765)

Vulnerability from cvelistv5 – Published: 2018-10-18 22:00 – Updated: 2024-09-16 19:36

Summary

Severity ?

3.4 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CWE

Information Exposure Vulnerability

Assigner

dell

References

URL

Tags

	https://seclists.org/fulldisclosure/2018/Oct/35	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/bid/105694	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1041877	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	DELL EMC	ESRS Virtual Edition	Affected: unspecified , < 3.32.00.08 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:01:54.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
          },
          {
            "name": "105694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105694"
          },
          {
            "name": "1041877",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041877"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ESRS Virtual Edition",
          "vendor": "DELL EMC",
          "versions": [
            {
              "lessThan": "3.32.00.08",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-10-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Exposure Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-24T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
        },
        {
          "name": "105694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105694"
        },
        {
          "name": "1041877",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041877"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
          "ID": "CVE-2018-15765",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ESRS Virtual Edition",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "3.32.00.08"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "DELL EMC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Exposure Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
            },
            {
              "name": "105694",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105694"
            },
            {
              "name": "1041877",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041877"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-15765",
    "datePublished": "2018-10-18T22:00:00Z",
    "dateReserved": "2018-08-23T00:00:00",
    "dateUpdated": "2024-09-16T19:36:30.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_secure_remote_services:*:*:*:*:virtual:*:*:*\", \"versionEndExcluding\": \"3.32.00.08\", \"matchCriteriaId\": \"A3C1CBA4-5DC3-4C0C-A8A5-0091D72CE9F3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.\"}, {\"lang\": \"es\", \"value\": \"Dell EMC Secure Remote Services en versiones anteriores a la 3.32.00.08 contiene una vulnerabilidad de exposici\\u00f3n de informaci\\u00f3n. El archivo de registro almacena datos sensibles incluyendo los comandos ejecutados para generar tokens de autenticaci\\u00f3n que podr\\u00edan ser \\u00fatiles para un atacante para que manipule tokens de autenticaci\\u00f3n maliciosos para consultar la aplicaci\\u00f3n y realizar m\\u00e1s ataques.\"}]",
      "id": "CVE-2018-15765",
      "lastModified": "2024-11-21T03:51:25.700",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 3.4, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-10-18T22:29:00.630",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/105694\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041877\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://seclists.org/fulldisclosure/2018/Oct/35\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/105694\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041877\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://seclists.org/fulldisclosure/2018/Oct/35\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-15765\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2018-10-18T22:29:00.630\",\"lastModified\":\"2024-11-21T03:51:25.700\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.\"},{\"lang\":\"es\",\"value\":\"Dell EMC Secure Remote Services en versiones anteriores a la 3.32.00.08 contiene una vulnerabilidad de exposici\u00f3n de informaci\u00f3n. El archivo de registro almacena datos sensibles incluyendo los comandos ejecutados para generar tokens de autenticaci\u00f3n que podr\u00edan ser \u00fatiles para un atacante para que manipule tokens de autenticaci\u00f3n maliciosos para consultar la aplicaci\u00f3n y realizar m\u00e1s ataques.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":3.4,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_secure_remote_services:*:*:*:*:virtual:*:*:*\",\"versionEndExcluding\":\"3.32.00.08\",\"matchCriteriaId\":\"A3C1CBA4-5DC3-4C0C-A8A5-0091D72CE9F3\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105694\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041877\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/fulldisclosure/2018/Oct/35\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105694\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/fulldisclosure/2018/Oct/35\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}

FKIE_CVE-2018-15765

Vulnerability from fkie_nvd - Published: 2018-10-18 22:29 - Updated: 2024-11-21 03:51

Severity ?

3.4 (Low) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security_alert@emc.com	http://www.securityfocus.com/bid/105694	Third Party Advisory, VDB Entry
security_alert@emc.com	http://www.securitytracker.com/id/1041877	Third Party Advisory, VDB Entry
security_alert@emc.com	https://seclists.org/fulldisclosure/2018/Oct/35	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105694	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041877	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/fulldisclosure/2018/Oct/35	Mailing List, Third Party Advisory

Impacted products

	Vendor	Product	Version
	dell	emc_secure_remote_services	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:emc_secure_remote_services:*:*:*:*:virtual:*:*:*",
              "matchCriteriaId": "A3C1CBA4-5DC3-4C0C-A8A5-0091D72CE9F3",
              "versionEndExcluding": "3.32.00.08",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks."
    },
    {
      "lang": "es",
      "value": "Dell EMC Secure Remote Services en versiones anteriores a la 3.32.00.08 contiene una vulnerabilidad de exposici\u00f3n de informaci\u00f3n. El archivo de registro almacena datos sensibles incluyendo los comandos ejecutados para generar tokens de autenticaci\u00f3n que podr\u00edan ser \u00fatiles para un atacante para que manipule tokens de autenticaci\u00f3n maliciosos para consultar la aplicaci\u00f3n y realizar m\u00e1s ataques."
    }
  ],
  "id": "CVE-2018-15765",
  "lastModified": "2024-11-21T03:51:25.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.4,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 2.5,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-18T22:29:00.630",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105694"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041877"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-15765

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-15765

Aliases

CVE-2018-15765

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-15765",
    "description": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.",
    "id": "GSD-2018-15765"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-15765"
      ],
      "details": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.",
      "id": "GSD-2018-15765",
      "modified": "2023-12-13T01:22:23.627202Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
        "ID": "CVE-2018-15765",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ESRS Virtual Edition",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_value": "3.32.00.08"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "DELL EMC"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.4,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Exposure Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
            "refsource": "FULLDISC",
            "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
          },
          {
            "name": "105694",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105694"
          },
          {
            "name": "1041877",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041877"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_secure_remote_services:*:*:*:*:virtual:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.32.00.08",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2018-15765"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
            },
            {
              "name": "1041877",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041877"
            },
            {
              "name": "105694",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105694"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:35Z",
      "publishedDate": "2018-10-18T22:29Z"
    }
  }
}

VAR-201810-0110

Vulnerability from variot - Updated: 2023-12-18 12:28

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks. Dell EMC ESRS virtual edition is prone to the following multiple security vulnerabilities. 1. An insecure file permission vulnerability 2. A plaintext password storage vulnerability 3. A information disclosure vulnerability Successfully exploiting this issue can allow an attacker to obtain sensitive information , to bypass certain security restrictions to perform unauthorized actions and use the sensitive data available that may aid in launching further attacks. This software is used to provide remote connection between EMC customer service and user's EMC products and solutions. An attacker could exploit this vulnerability to obtain information.

Details: 1. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges. CVSSv3 Base Score: 7.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)

Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database. CVSSv3 Base Score: 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Severity Rating For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307 (https://support.emc.com/kb/468307). Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.

Legal Information Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://support.emc.com/servicecenter/contactEMC/). The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of bus iness profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Dell Product Security Incident Response Team secure@dell.comsecure@dell.com

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAlvEhxEACgkQgSlofD2Y i6dKYQ//cRY70VtXrzbeCc/8y3ManHY8OoDga3nxgLHqs1NuBoCME4Fe1KGUPg1R j4Wxi5IXo/ZAjPxmzTZgXfs2i3KdhVFt/mYyV2qGjn2ciH6XKkEa/8MUMeEWC4p+ 6/OIdleuxie/vXH+K772gTfM477E6nKFV9G79/SKulFD+i6bkHqxmtU22aj5/V+t Cd895DDQngNMtx853euh9OuP4xMw/neEeNmcu+WSVtfoDCB0XEWPp/upExCre/2/ ThFU1bx8PP15FhzeQNzzMZHpVLPB0qG3sbFwCVsMxnpgF8PqTEaRSudi9WTZVdWw c7hKhO3nzlPYNE+br6T02d8z0CjuDc3NVW4FPt7gfKO1bkBVEvq/4MwwesBARhV1 4FUiQ1YaxC/GHTkjBhNQcy+2KpohMZEprwPY7nT2S75YLXhGs50vAPDbnzhZ+dmk EJgp4DGxwDM1sPx8HVwvqrc6R5lk+ZaULEKSmBei2bXYbcXLEEjIZYtPbEcjMHfs Uz7aRkOaG/G+Z104mkPH1mtQpnotOu0icfyOOiRtRrJW/7dcUVOdK7DqbAUwW7mA o/UwkcVJmUfz0f5Wdjv/vSBu2KgHP7QymXU57e3Lp8TOaSwK9405KVJhpXXLutPf cUQEyqIwlBw8WU5o8rm6kNWBGRfKpFF6DjU4q+9D0TSrN28N/Kk= =vLNR -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0110",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "emc secure remote services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.32.00.08"
      },
      {
        "model": "secure remote services",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell emc old emc",
        "version": "3.32.00.08"
      },
      {
        "model": "esrs virtual edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.28"
      },
      {
        "model": "esrs virtual edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.24"
      },
      {
        "model": "esrs virtual edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.10"
      },
      {
        "model": "esrs virtual edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.08"
      },
      {
        "model": "esrs virtual edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.32.00.08"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105694"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012387"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15765"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_secure_remote_services:*:*:*:*:virtual:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.32.00.08",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-15765"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell",
    "sources": [
      {
        "db": "BID",
        "id": "105694"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-15765",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-15765",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-126057",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "security_alert@emc.com",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 0.8,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-15765",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-15765",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2018-15765",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-1053",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-126057",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012387"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15765"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1053"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks. Dell EMC ESRS virtual edition is prone to the following multiple security vulnerabilities. \n1. An insecure file permission vulnerability\n2. A plaintext password storage vulnerability\n3. A information disclosure vulnerability\nSuccessfully exploiting this issue can allow an attacker to obtain sensitive information ,  to bypass certain security restrictions to perform unauthorized actions and use the sensitive data available that may aid in launching further attacks. This software is used to provide remote connection between EMC customer service and user\u0027s EMC products and solutions. An attacker could exploit this vulnerability to obtain information. \n\nDetails:\n1. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges. \nCVSSv3 Base Score: 7.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)\n\n2. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database. \nCVSSv3 Base Score: 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\n3. \n\nSeverity Rating\nFor an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307 (https://support.emc.com/kb/468307). Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nLegal Information\nRead and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://support.emc.com/servicecenter/contactEMC/). The information set forth herein is provided \"as is\" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of bus\n iness profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. \n\nDell Product Security Incident Response Team\nsecure@dell.com\u003cmailto:secure@dell.com\u003e\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAlvEhxEACgkQgSlofD2Y\ni6dKYQ//cRY70VtXrzbeCc/8y3ManHY8OoDga3nxgLHqs1NuBoCME4Fe1KGUPg1R\nj4Wxi5IXo/ZAjPxmzTZgXfs2i3KdhVFt/mYyV2qGjn2ciH6XKkEa/8MUMeEWC4p+\n6/OIdleuxie/vXH+K772gTfM477E6nKFV9G79/SKulFD+i6bkHqxmtU22aj5/V+t\nCd895DDQngNMtx853euh9OuP4xMw/neEeNmcu+WSVtfoDCB0XEWPp/upExCre/2/\nThFU1bx8PP15FhzeQNzzMZHpVLPB0qG3sbFwCVsMxnpgF8PqTEaRSudi9WTZVdWw\nc7hKhO3nzlPYNE+br6T02d8z0CjuDc3NVW4FPt7gfKO1bkBVEvq/4MwwesBARhV1\n4FUiQ1YaxC/GHTkjBhNQcy+2KpohMZEprwPY7nT2S75YLXhGs50vAPDbnzhZ+dmk\nEJgp4DGxwDM1sPx8HVwvqrc6R5lk+ZaULEKSmBei2bXYbcXLEEjIZYtPbEcjMHfs\nUz7aRkOaG/G+Z104mkPH1mtQpnotOu0icfyOOiRtRrJW/7dcUVOdK7DqbAUwW7mA\no/UwkcVJmUfz0f5Wdjv/vSBu2KgHP7QymXU57e3Lp8TOaSwK9405KVJhpXXLutPf\ncUQEyqIwlBw8WU5o8rm6kNWBGRfKpFF6DjU4q+9D0TSrN28N/Kk=\n=vLNR\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-15765"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012387"
      },
      {
        "db": "BID",
        "id": "105694"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126057"
      },
      {
        "db": "PACKETSTORM",
        "id": "149840"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-15765",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "105694",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1041877",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012387",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1053",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-126057",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149840",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126057"
      },
      {
        "db": "BID",
        "id": "105694"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012387"
      },
      {
        "db": "PACKETSTORM",
        "id": "149840"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1053"
      }
    ]
  },
  "id": "VAR-201810-0110",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126057"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:28:44.596000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.dellemc.com/en-us/index.htm"
      },
      {
        "title": "Dell EMC Secure Remote Services Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86202"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012387"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1053"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012387"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15765"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://seclists.org/fulldisclosure/2018/oct/35"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/105694"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1041877"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15765"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15765"
      },
      {
        "trust": 0.3,
        "url": "http://dell.com"
      },
      {
        "trust": 0.1,
        "url": "https://support.emc.com/servicecenter/contactemc/)."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11080"
      },
      {
        "trust": 0.1,
        "url": "https://support.emc.com/kb/468307)."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11079"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126057"
      },
      {
        "db": "BID",
        "id": "105694"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012387"
      },
      {
        "db": "PACKETSTORM",
        "id": "149840"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1053"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-126057"
      },
      {
        "db": "BID",
        "id": "105694"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012387"
      },
      {
        "db": "PACKETSTORM",
        "id": "149840"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1053"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126057"
      },
      {
        "date": "2018-10-15T00:00:00",
        "db": "BID",
        "id": "105694"
      },
      {
        "date": "2019-02-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012387"
      },
      {
        "date": "2018-10-17T15:51:32",
        "db": "PACKETSTORM",
        "id": "149840"
      },
      {
        "date": "2018-10-18T22:29:00.630000",
        "db": "NVD",
        "id": "CVE-2018-15765"
      },
      {
        "date": "2018-10-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1053"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126057"
      },
      {
        "date": "2018-10-15T00:00:00",
        "db": "BID",
        "id": "105694"
      },
      {
        "date": "2019-02-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012387"
      },
      {
        "date": "2019-10-09T23:35:52.547000",
        "db": "NVD",
        "id": "CVE-2018-15765"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1053"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1053"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC Secure Remote Services Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012387"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1053"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2018-21072

Vulnerability from cnvd - Published: 2018-10-17

Title

Dell EMC ESRS Virtual Edition信息泄露漏洞

Description

Dell EMC ESRS是DEll公司安全存储产品。 Dell EMC ESRS Virtual Edition存在信息泄露漏洞，日志文件内容存储敏感数据，包括执行的命令以生成认证令牌，这可能对攻击者用于制作用于查询应用程序和后续攻击的恶意认证令牌有用。

Severity

低

Patch Name

Dell EMC ESRS Virtual Edition信息泄露漏洞的补丁

Patch Description

Dell EMC ESRS是DEll公司安全存储产品。 Dell EMC ESRS Virtual Edition存在信息泄露漏洞，日志文件内容存储敏感数据，包括执行的命令以生成认证令牌，这可能对攻击者用于制作用于查询应用程序和后续攻击的恶意认证令牌有用。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://www.dell.com/zh-cn

Reference

https://seclists.org/fulldisclosure/2018/Oct/35

Impacted products

Name
Dell EMC Secure Remote Services Virtual Edition <3.32.00.08

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-15765"
    }
  },
  "description": "Dell EMC ESRS\u662fDEll\u516c\u53f8\u5b89\u5168\u5b58\u50a8\u4ea7\u54c1\u3002\r\n\r\nDell EMC ESRS Virtual Edition\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u65e5\u5fd7\u6587\u4ef6\u5185\u5bb9\u5b58\u50a8\u654f\u611f\u6570\u636e\uff0c\u5305\u62ec\u6267\u884c\u7684\u547d\u4ee4\u4ee5\u751f\u6210\u8ba4\u8bc1\u4ee4\u724c\uff0c\u8fd9\u53ef\u80fd\u5bf9\u653b\u51fb\u8005\u7528\u4e8e\u5236\u4f5c\u7528\u4e8e\u67e5\u8be2\u5e94\u7528\u7a0b\u5e8f\u548c\u540e\u7eed\u653b\u51fb\u7684\u6076\u610f\u8ba4\u8bc1\u4ee4\u724c\u6709\u7528\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.dell.com/zh-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-21072",
  "openTime": "2018-10-17",
  "patchDescription": "Dell EMC ESRS\u662fDEll\u516c\u53f8\u5b89\u5168\u5b58\u50a8\u4ea7\u54c1\u3002\r\n\r\nDell EMC ESRS Virtual Edition\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u65e5\u5fd7\u6587\u4ef6\u5185\u5bb9\u5b58\u50a8\u654f\u611f\u6570\u636e\uff0c\u5305\u62ec\u6267\u884c\u7684\u547d\u4ee4\u4ee5\u751f\u6210\u8ba4\u8bc1\u4ee4\u724c\uff0c\u8fd9\u53ef\u80fd\u5bf9\u653b\u51fb\u8005\u7528\u4e8e\u5236\u4f5c\u7528\u4e8e\u67e5\u8be2\u5e94\u7528\u7a0b\u5e8f\u548c\u540e\u7eed\u653b\u51fb\u7684\u6076\u610f\u8ba4\u8bc1\u4ee4\u724c\u6709\u7528\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell EMC ESRS Virtual Edition\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Dell EMC Secure Remote Services Virtual Edition \u003c3.32.00.08"
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2018/Oct/35",
  "serverity": "\u4f4e",
  "submitTime": "2018-10-17",
  "title": "Dell EMC ESRS Virtual Edition\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GHSA-WX5R-67FW-WHCH

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-15765"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-18T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.",
  "id": "GHSA-wx5r-67fw-whch",
  "modified": "2022-05-13T01:34:08Z",
  "published": "2022-05-13T01:34:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15765"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2018/Oct/35"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105694"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041877"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-15765 (GCVE-0-2018-15765)

FKIE_CVE-2018-15765

GSD-2018-15765

VAR-201810-0110

CNVD-2018-21072

GHSA-WX5R-67FW-WHCH

Tags

Sightings

Nomenclature