Article Number: 000197797
High
Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
CVE-2022-26856 | Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account. | 8.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
CVE-2022-26856 | Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account. | 8.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
CVE-2022-26856 | Dell EMC Repository Manager |
3.4 |
3.4.1 | Link to update |
CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
CVE-2022-26856 | Dell EMC Repository Manager |
3.4 |
3.4.1 | Link to update |
For Dell EMC Repository Manager (DRM) version 3.4, an Admin user can change the database password to a new password as a workaround for CVE-2022-26856. For workaround to be effective, Admin must change the initial database password that was created at installation or update. Dell recommends making this password different from the initial password created for the database.
Revision | Date | Description |
1.0 | 2022-04-04 | Initial Release |
Product Security Information, Dell EMC Repository Manager - Current Versions
04 Apr 2022
Dell Security Advisory