CVE-2018-11079

MEDIUM

EMC Secure Remote Services - Insufficiently Protected Credentials

Title source: rule

Description

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database.

References (3)

Scores

CVSS v3 5.5
EPSS 0.0006
EPSS Percentile 17.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-522
Status published

Affected Products (1)

emc/secure_remote_services < 3.32.00.08

Timeline

Published Oct 18, 2018
Tracked Since Feb 18, 2026