Details of VAR-202204-0611

ID

VAR-202204-0611

CVE

CVE-2022-26856

TITLE

Dell's emc repository manager Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2022-008672

DESCRIPTION

Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account. Dell's emc repository manager There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 2.34

sources: NVD: CVE-2022-26856 // JVNDB: JVNDB-2022-008672 // CNVD: CNVD-2022-31754 // VULHUB: VHN-417511 // VULMON: CVE-2022-26856

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-31754

AFFECTED PRODUCTS

vendor:	dell	model:	emc repository manager	scope:	eq	version:	3.4.0	Trust: 1.0
vendor:	デル	model:	emc repository manager	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	emc repository manager	scope:	eq	version:	3.4.0	Trust: 0.8
vendor:	デル	model:	emc repository manager	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	emc repository manager	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-31754 // JVNDB: JVNDB-2022-008672 // NVD: CVE-2022-26856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26856
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-26856
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-26856
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-31754
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202204-3957
value:	HIGH
Trust: 0.6
VULHUB:	VHN-417511
value:	LOW
Trust: 0.1
VULMON:	CVE-2022-26856
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-26856
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-31754
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-417511
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-26856
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-26856
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26856
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-31754 // VULHUB: VHN-417511 // VULMON: CVE-2022-26856 // JVNDB: JVNDB-2022-008672 // CNNVD: CNNVD-202204-3957 // NVD: CVE-2022-26856 // NVD: CVE-2022-26856

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-417511 // JVNDB: JVNDB-2022-008672 // NVD: CVE-2022-26856

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3957

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-3957

PATCH

title:	Patch for Dell EMC Password Storage Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/330466	Trust: 0.6
title:	DELL EMC Repository Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190323	Trust: 0.6

sources: CNVD: CNVD-2022-31754 // CNNVD: CNNVD-202204-3957

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26856	Trust: 4.0
db:	JVNDB	id:	JVNDB-2022-008672	Trust: 0.8
db:	CNVD	id:	CNVD-2022-31754	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3957	Trust: 0.6
db:	VULHUB	id:	VHN-417511	Trust: 0.1
db:	VULMON	id:	CVE-2022-26856	Trust: 0.1

sources: CNVD: CNVD-2022-31754 // VULHUB: VHN-417511 // VULMON: CVE-2022-26856 // JVNDB: JVNDB-2022-008672 // CNNVD: CNNVD-202204-3957 // NVD: CVE-2022-26856

REFERENCES

url:	https://www.dell.com/support/kbdoc/000197797	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26856	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-26856/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-31754 // VULHUB: VHN-417511 // VULMON: CVE-2022-26856 // JVNDB: JVNDB-2022-008672 // CNNVD: CNNVD-202204-3957 // NVD: CVE-2022-26856

SOURCES

db:	CNVD	id:	CNVD-2022-31754
db:	VULHUB	id:	VHN-417511
db:	VULMON	id:	CVE-2022-26856
db:	JVNDB	id:	JVNDB-2022-008672
db:	CNNVD	id:	CNNVD-202204-3957
db:	NVD	id:	CVE-2022-26856

LAST UPDATE DATE

2024-11-23T22:54:37.445000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-31754	date:	2022-04-23T00:00:00
db:	VULHUB	id:	VHN-417511	date:	2022-05-03T00:00:00
db:	VULMON	id:	CVE-2022-26856	date:	2022-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-008672	date:	2023-07-28T08:05:00
db:	CNNVD	id:	CNNVD-202204-3957	date:	2022-05-05T00:00:00
db:	NVD	id:	CVE-2022-26856	date:	2024-11-21T06:54:39.263

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-31754	date:	2022-04-22T00:00:00
db:	VULHUB	id:	VHN-417511	date:	2022-04-21T00:00:00
db:	VULMON	id:	CVE-2022-26856	date:	2022-04-21T00:00:00
db:	JVNDB	id:	JVNDB-2022-008672	date:	2023-07-28T00:00:00
db:	CNNVD	id:	CNNVD-202204-3957	date:	2022-04-21T00:00:00
db:	NVD	id:	CVE-2022-26856	date:	2022-04-21T21:15:07.940