CVE-2018-11079
https://notcve.org/view.php?id=CVE-2018-11079
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database. • http://www.securityfocus.com/bid/105694 http://www.securitytracker.com/id/1041877 https://seclists.org/fulldisclosure/2018/Oct/35 • CWE-522: Insufficiently Protected Credentials
CVE-2018-11080
https://notcve.org/view.php?id=CVE-2018-11080
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges. • http://www.securityfocus.com/bid/105694 http://www.securitytracker.com/id/1041877 https://seclists.org/fulldisclosure/2018/Oct/35 • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2015-0544
https://notcve.org/view.php?id=CVE-2015-0544
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value. • http://seclists.org/bugtraq/2015/Jun/132 http://www.securitytracker.com/id/1032740
CVE-2015-0543
https://notcve.org/view.php?id=CVE-2015-0543
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://seclists.org/bugtraq/2015/Jun/132 http://www.securitytracker.com/id/1032740 • CWE-20: Improper Input Validation