CVE-2019-18576
First published: Fri Mar 13 2020(Updated: )
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Xtremio Management Server | <6.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-18576?
CVE-2019-18576 is an information disclosure vulnerability in Dell EMC XtremIO XMS versions prior to 6.3.0.
How does CVE-2019-18576 affect Dell EMC XtremIO XMS?
CVE-2019-18576 allows malicious local users with access to log files to gain access to XtremIO with the privileges of compromised users by logging OS users' passwords in local files.
What is the severity of CVE-2019-18576?
CVE-2019-18576 has a severity rating of medium with a score of 6.7.
How can I fix CVE-2019-18576?
To fix CVE-2019-18576, upgrade Dell EMC XtremIO XMS to version 6.3.0 or later.
Where can I find more information about CVE-2019-18576?
More information about CVE-2019-18576 can be found at the following link: https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/dell
- canonical/dell xtremio management server