CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-29500
https://notcve.org/view.php?id=CVE-2020-29500
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell EMC PowerStore versiones anteriores a 1.0.3.0.5.007, contienen una vulnerabilidad de Almacenamiento de Contraseña de Texto Plano en entornos PowerStore T. Un atacante autenticado localmente podría potencialmente explotar esta vulnerabilidad, conllevando a la divulgación de determinadas credenciales de usuario. • https://www.dell.com/support/kbdoc/000180775 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29490
https://notcve.org/view.php?id=CVE-2020-29490
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests. Las versiones de Dell EMC Unity, Unity XT y UnityVSA versiones anteriores a 5.0.4.0.5.012, contienen una vulnerabilidad de Denegación de Servicio en Servidores NAS con exportaciones NFS. Un atacante autenticado remoto podría potencialmente explotar esta vulnerabilidad y causar una Denegación de Servicio (Pánico en el Procesador de Almacenamiento) mediante el envío de peticiones UDP especialmente diseñadas • https://www.dell.com/support/kbdoc/000181248 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29489
https://notcve.org/view.php?id=CVE-2020-29489
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user. Dell EMC Unity, Unity XT y UnityVSA versiones anteriores a 5.0.4.0.5.012, contienen una vulnerabilidad de almacenamiento de contraseña de texto plano. Una contraseña de credenciales de usuario (incluyendo privilegios de usuario administrador Unisphere) es almacenada en texto plano en un archivo del sistema. • https://www.dell.com/support/kbdoc/000181248 • CWE-276: Incorrect Default Permissions CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26199
https://notcve.org/view.php?id=CVE-2020-26199
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user. Dell EMC Unity, Unity XT y UnityVSA versiones anteriores a 5.0.4.0.5.012, contienen una vulnerabilidad de almacenamiento de contraseña de texto plano. Una contraseña de las credenciales de usuario (incluyendo privilegios de usuario administrador Unisphere) es almacenada en texto plano en múltiples archivos de registro. • https://www.dell.com/support/kbdoc/000181248 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26181
https://notcve.org/view.php?id=CVE-2020-26181
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges. Dell EMC Isilon OneFS versiones 8.1 y posteriores y Dell EMC PowerScale OneFS versión 9.0.0, contienen una vulnerabilidad de escalamiento de privilegios en un clúster de modo SmartLock Compliance. El usuario compadmin que se conecta usando ISI PRIV LOGIN SSH o ISI PRIV LOGIN CONSOLE puede elevar los privilegios al usuario root si tiene privilegios ISI PRIV HARDENING • https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co • CWE-269: Improper Privilege Management •