CVE-2022-26856

HIGH

Dell EMC Repository Manager 3.4.0 - Info Disclosure

Title source: llm

Description

Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account.

References (1)

[Vendor Advisory] https://www.dell.com/support/kbdoc/000197797

Scores

CVSS v3 8.2

EPSS 0.0004

EPSS Percentile 12.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

dell/emc_repository_manager

Timeline

Published Apr 21, 2022

Tracked Since Feb 18, 2026