CVE-2019-18576 MEDIUM

CVE-2019-18576

Vendor Dell
Product XtremIO
Weakness CWE-532 · Sensitive info in logs
Published March 13, 2020
Last update September 16, 2024

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user.

Key dates

02Disclosure timeline

March 13, 2020 CVE published
September 16, 2024 Record updated