Vulnerability-Lookup

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:20:26.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
          },
          {
            "name": "1031116",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031116"
          },
          {
            "name": "70726",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70726"
          },
          {
            "name": "emc-networker-cve20144620-info-disc(97756)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
          },
          {
            "name": "61952",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61952"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
        },
        {
          "name": "1031116",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031116"
        },
        {
          "name": "70726",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70726"
        },
        {
          "name": "emc-networker-cve20144620-info-disc(97756)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
        },
        {
          "name": "61952",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61952"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2014-4620",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
            },
            {
              "name": "1031116",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031116"
            },
            {
              "name": "70726",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70726"
            },
            {
              "name": "emc-networker-cve20144620-info-disc(97756)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
            },
            {
              "name": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
            },
            {
              "name": "61952",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61952"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2014-4620",
    "datePublished": "2014-10-25T10:00:00",
    "dateReserved": "2014-06-24T00:00:00",
    "dateUpdated": "2024-08-06T11:20:26.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:meditech:meditech:3.0:87:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0C60C50-0F94-42C1-8A5E-4619A246DFA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:meditech:meditech:3.0:90:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE45304B-075F-4F4E-9405-B641A27BC8CA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:networker:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4DAF0D5-7EFF-4F23-BAC4-04F8749E400A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.\"}, {\"lang\": \"es\", \"value\": \"El m\\u00f3dulo EMC NetWorker para MEDITECH (tambi\\u00e9n conocido como NMMEDI) 3.0 build 87 hasta 90, cuando se utiliza EMC RecoverPoint y Plink, almacena las credenciales RecoverPoint Appliance en texto plano en ficheros del registro nsrmedisv.raw, lo que permite a usuarios locales obtener informaci\\u00f3n sensible mediante la lectura de estos ficheros.\"}]",
      "id": "CVE-2014-4620",
      "lastModified": "2024-11-21T02:10:35.290",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-10-25T10:55:06.023",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://secunia.com/advisories/61952\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://www.securityfocus.com/bid/70726\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://www.securitytracker.com/id/1031116\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/97756\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/61952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/70726\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1031116\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/97756\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-4620\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2014-10-25T10:55:06.023\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo EMC NetWorker para MEDITECH (tambi\u00e9n conocido como NMMEDI) 3.0 build 87 hasta 90, cuando se utiliza EMC RecoverPoint y Plink, almacena las credenciales RecoverPoint Appliance en texto plano en ficheros del registro nsrmedisv.raw, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de estos ficheros.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:meditech:meditech:3.0:87:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0C60C50-0F94-42C1-8A5E-4619A246DFA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:meditech:meditech:3.0:90:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE45304B-075F-4F4E-9405-B641A27BC8CA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4DAF0D5-7EFF-4F23-BAC4-04F8749E400A\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://secunia.com/advisories/61952\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securityfocus.com/bid/70726\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securitytracker.com/id/1031116\",\"source\":\"security_alert@emc.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/97756\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/61952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/70726\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1031116\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/97756\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2014-4620

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-4620

Aliases

CVE-2014-4620

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-4620",
    "description": "The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.",
    "id": "GSD-2014-4620"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-4620"
      ],
      "details": "The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.",
      "id": "GSD-2014-4620",
      "modified": "2023-12-13T01:22:45.043887Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2014-4620",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
          },
          {
            "name": "1031116",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031116"
          },
          {
            "name": "70726",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/70726"
          },
          {
            "name": "emc-networker-cve20144620-info-disc(97756)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
          },
          {
            "name": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
          },
          {
            "name": "61952",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/61952"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:meditech:meditech:3.0:87:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:meditech:meditech:3.0:90:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:networker:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2014-4620"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
            },
            {
              "name": "70726",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/70726"
            },
            {
              "name": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
            },
            {
              "name": "1031116",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031116"
            },
            {
              "name": "61952",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/61952"
            },
            {
              "name": "emc-networker-cve20144620-info-disc(97756)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:35Z",
      "publishedDate": "2014-10-25T10:55Z"
    }
  }
}

CERTFR-2014-AVI-447

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans EMC Avamar Data Store et Virtual Edition. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

EMC Avamar Data Store et Avamar Virtual Edition versions 6.x et 7.0.x jusqu'à 7.0.2-43

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eEMC Avamar Data Store et Avamar Virtual Edition versions 6.x  et 7.0.x jusqu\u0027\u00e0 7.0.2-43\u003c/P\u003e",
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-4620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4620"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-447",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eEMC Avamar\nData Store et Virtual Edition\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans EMC Avamar Data Store et Virtual Edition",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 bugtraq du 27 octobre 2014",
      "url": "http://seclists.org/bugtraq/2014/Oct/att-146/ESA-2014-096.txt"
    }
  ]
}

CERTFR-2014-AVI-447

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans EMC Avamar Data Store et Virtual Edition. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

EMC Avamar Data Store et Avamar Virtual Edition versions 6.x et 7.0.x jusqu'à 7.0.2-43

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eEMC Avamar Data Store et Avamar Virtual Edition versions 6.x  et 7.0.x jusqu\u0027\u00e0 7.0.2-43\u003c/P\u003e",
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-4620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4620"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-447",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eEMC Avamar\nData Store et Virtual Edition\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans EMC Avamar Data Store et Virtual Edition",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 bugtraq du 27 octobre 2014",
      "url": "http://seclists.org/bugtraq/2014/Oct/att-146/ESA-2014-096.txt"
    }
  ]
}

CERTFR-2014-AVI-446

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans EMC NetWorker Module. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

EMC NetWorker Module pour MEDITECH, version 3.0 build 87 à 90

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eEMC NetWorker Module pour MEDITECH, version 3.0 build 87 \u00e0  90\u003c/P\u003e",
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-4620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4620"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-446",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eEMC NetWorker\nModule\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans EMC NetWorker Module",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 bugtraq du 27 octobre 2014",
      "url": "http://seclists.org/bugtraq/2014/Oct/att-144/ESA-2014-087.txt"
    }
  ]
}

CERTFR-2014-AVI-446

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans EMC NetWorker Module. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

EMC NetWorker Module pour MEDITECH, version 3.0 build 87 à 90

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eEMC NetWorker Module pour MEDITECH, version 3.0 build 87 \u00e0  90\u003c/P\u003e",
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-4620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4620"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-446",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eEMC NetWorker\nModule\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans EMC NetWorker Module",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 bugtraq du 27 octobre 2014",
      "url": "http://seclists.org/bugtraq/2014/Oct/att-144/ESA-2014-087.txt"
    }
  ]
}

FKIE_CVE-2014-4620

Vulnerability from fkie_nvd - Published: 2014-10-25 10:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	security_alert@emc.com	http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html
	security_alert@emc.com	http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html
	security_alert@emc.com	http://secunia.com/advisories/61952
	security_alert@emc.com	http://www.securityfocus.com/bid/70726
	security_alert@emc.com	http://www.securitytracker.com/id/1031116
	security_alert@emc.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/97756
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html
	af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/61952
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/70726
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031116
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/97756

Impacted products

Vendor	Product	Version
meditech	meditech	3.0
meditech	meditech	3.0
emc	networker	*

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:meditech:meditech:3.0:87:*:*:*:*:*:*",
              "matchCriteriaId": "E0C60C50-0F94-42C1-8A5E-4619A246DFA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:meditech:meditech:3.0:90:*:*:*:*:*:*",
              "matchCriteriaId": "AE45304B-075F-4F4E-9405-B641A27BC8CA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:networker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4DAF0D5-7EFF-4F23-BAC4-04F8749E400A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo EMC NetWorker para MEDITECH (tambi\u00e9n conocido como NMMEDI) 3.0 build 87 hasta 90, cuando se utiliza EMC RecoverPoint y Plink, almacena las credenciales RecoverPoint Appliance en texto plano en ficheros del registro nsrmedisv.raw, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de estos ficheros."
    }
  ],
  "id": "CVE-2014-4620",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-25T10:55:06.023",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://secunia.com/advisories/61952"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/70726"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id/1031116"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/70726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-66HJ-GQX3-G344

Vulnerability from github – Published: 2022-05-17 01:23 – Updated: 2022-05-17 01:23

Details

Show details on source website