Information disclosure in Emc Networker

CVE-2014-4620

The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensit…

Vulnerability class: Information Disclosure

EPSS: 0.001 (20.1th percentile) — read the EPSS interpretation.

Affected products

Emc Networker
Meditech — versions 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability (mailing-list, x_refsource_BUGTRAQ)
1031116 (vdb-entry, x_refsource_SECTRACK)
70726 (vdb-entry, x_refsource_BID)
emc-networker-cve20144620-info-disc(97756) (vdb-entry, x_refsource_XF)
security_alert@emc.com (x_refsource_MISC)
61952 (x_refsource_SECUNIA, third-party-advisory)