Description
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry x_refsource_confirm
http://www.securityfocus.com/archive/1/540058/30/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037727
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95821
Scores
CVSS v3
4.4
EPSS
0.0008
EPSS Percentile
22.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-275
Status
published
Products (3)
emc/recoverpoint
< 4.4.1.0
emc/recoverpoint_for_virtual_machines
< 4.0
n/a/EMC RecoverPoint and EMC RecoverPoint for Virtual Machines EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0
EMC RecoverPoint and EMC RecoverPoint for Virtual Machines EMC RecoverPoint versions before 4.4.1.1
Published
Feb 03, 2017
Tracked Since
Feb 18, 2026