CVE-2015-0514: Infoleak
First published: Wed Jan 21 2015(Updated: )
EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC Watch4Net | <=6.5 | |
| EMC ViPR SRM | <=3.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html
- http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html
- http://seclists.org/fulldisclosure/2015/Mar/112
- http://www.securityfocus.com/archive/1/534923/100/0/threaded
- http://www.securityfocus.com/bid/72257
- http://www.securitytracker.com/id/1031567
- https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/last-modified-date
- agent/tags
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/emc
- canonical/emc watch4net
- version/emc watch4net/6.5
- canonical/emc vipr srm
- version/emc vipr srm/3.6.0