CVE-2013-3287
First published: Sat Nov 02 2013(Updated: )
EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC Unisphere | <=1.6 | |
| EMC Unisphere | =1.0 | |
| EMC Unisphere | =1.1 | |
| EMC Unisphere | =1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-3287?
CVE-2013-3287 has a medium severity rating due to the potential exposure of sensitive LDAP credentials.
How do I fix CVE-2013-3287?
To fix CVE-2013-3287, update your EMC Unisphere for VMAX to version 1.6.1.6 or higher to secure the LDAP configurations.
Who is affected by CVE-2013-3287?
Users of EMC Unisphere for VMAX versions prior to 1.6.1.6 are affected by CVE-2013-3287.
What type of vulnerability is CVE-2013-3287?
CVE-2013-3287 is a local information disclosure vulnerability related to unknowingly logging debug information.
How can local users exploit CVE-2013-3287?
Local users can exploit CVE-2013-3287 by reading console logs that reveal the cleartext LDAP bind password.
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/emc unisphere
- version/emc unisphere/1.6
- version/emc unisphere/1.0
- version/emc unisphere/1.1
- version/emc unisphere/1.5