CVE-2014-4620

LOW

Description

The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.

References

http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html

http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html

http://secunia.com/advisories/61952

http://www.securityfocus.com/bid/70726

http://www.securitytracker.com/id/1031116

https://exchange.xforce.ibmcloud.com/vulnerabilities/97756

Details

Source: MITRE

Published: 2014-10-25

Updated: 2017-08-29

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW