var-201803-1428
Vulnerability from variot
A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). They contain an undocumented default account (smc) with a hard-coded password that may be used with certain web servlets. A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system. Note: This account cannot be used to log in via the web user interface. plural Dell EMC The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DellEMC UnisphereforVMAXVirtualAppliance and others are products of Dell Corporation of the United States. DellEMCUnisphereforVMAXVirtualAppliance(vApp) is a management tool for VMAX storage arrays. EMCSolutionsEnablerVirtualAppliance is a solution application virtual appliance. vAppManager is one of the vApp management tools. Multiple Dell EMC Products are prone to an arbitrary file-upload vulnerability and a security-bypass vulnerability. An attacker can exploit these issues to upload arbitrary files in the context of the web server process or to bypass the security mechanism and perform unauthorized actions.
Note: The default account OsmcO has been removed for all fresh installations of versions of the products that contain the fixes. The account cannot be removed from the user database for upgrade situations, however all servlets that use this account have been removed from the application making the account obsolete. Open a Service Request to have the hotfix or ePack installed. Contact Dell EMC Support with any questions.
Credits: Dell EMC would like to thank Carlos Perez from Tenable for reporting these vulnerabilities.
For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
Legal Information: Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Technical Support at 1-877-534-2867. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
Dell EMC Product Security Response Center security_alert@emc.com -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQEcBAEBCgAGBQJagPFFAAoJEHbcu+fsE81ZivMH/0s0r4XFxvW9tL+l8zkGdJIc uRjYTAr5iE4I8PaLw0S/MYVIr2YbpBcaP5QuUbNENWr/aaPHtccE3Gou6Bv72FK0 CU2qMdV9kjWbhHvbIjrnS2RsNjTekWSIDjYJPdkHk03thutYa3Loy7bX42LJe6E7 +slgZjR5zkATMvGis2R/nEj40phxxA+I/dUJIMjbT7emBCSBL5IAlvmuznzChm31 hklk6F/YDI/iOC8GBo0PwNf2F6PBUJbR78B6ppLeHP8AygLdu/AZZX/5eHyDGBiS 8eHATltqjU5I8X7fnjKl8UtoL1ohw72tMROiN9164N2xoJQwasMX6Rs3eNpru2c= =HaYf -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1428",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emc vmax embedded management",
"scope": "eq",
"trust": 1.5,
"vendor": "dell",
"version": "1.4"
},
{
"model": "emc unisphere for vmax virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "8.4.0.18"
},
{
"model": "emc vmax embedded management",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "1.4"
},
{
"model": "emc vasa virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "8.4.0.514"
},
{
"model": "emc solutions enabler virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "8.4.0.21"
},
{
"model": "emc vasa virtual appliance",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "8.4.0.512"
},
{
"model": "emc unisphere for vmax",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "8.3"
},
{
"model": "emc unisphere for vmax",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "8.2"
},
{
"model": "emc unisphere for vmax",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "8.4.0.15"
},
{
"model": "emc solutions enabler",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "8.1.0.3"
},
{
"model": "emc solutions enabler",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "8.4.0.15"
},
{
"model": "emc solutions enabler",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "8.2"
},
{
"model": "emc solutions enabler",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "8.3"
},
{
"model": "vmax embedded management",
"scope": "lte",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "1.4 (enginuity release 5977.1125.1125 )"
},
{
"model": "solutions enabler",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "virtual appliance 8.4.0.21"
},
{
"model": "unisphere",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "for vmax virtual appliance 8.4.0.18"
},
{
"model": "vasa virtual appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "8.4.0.514"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06092"
},
{
"db": "BID",
"id": "103039"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002724"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-237"
},
{
"db": "NVD",
"id": "CVE-2018-1216"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emc:vmax_emanagement",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emc:solutions_enabler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emc:unisphere",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emc:emc_vasa_virtual_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002724"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carlos Perez from Tenable",
"sources": [
{
"db": "BID",
"id": "103039"
}
],
"trust": 0.3
},
"cve": "CVE-2018-1216",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-1216",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06092",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-122091",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-1216",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-1216",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-1216",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-06092",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-237",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-122091",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-1216",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06092"
},
{
"db": "VULHUB",
"id": "VHN-122091"
},
{
"db": "VULMON",
"id": "CVE-2018-1216"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002724"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-237"
},
{
"db": "NVD",
"id": "CVE-2018-1216"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). They contain an undocumented default account (smc) with a hard-coded password that may be used with certain web servlets. A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system. Note: This account cannot be used to log in via the web user interface. plural Dell EMC The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DellEMC UnisphereforVMAXVirtualAppliance and others are products of Dell Corporation of the United States. DellEMCUnisphereforVMAXVirtualAppliance(vApp) is a management tool for VMAX storage arrays. EMCSolutionsEnablerVirtualAppliance is a solution application virtual appliance. vAppManager is one of the vApp management tools. Multiple Dell EMC Products are prone to an arbitrary file-upload vulnerability and a security-bypass vulnerability. \nAn attacker can exploit these issues to upload arbitrary files in the context of the web server process or to bypass the security mechanism and perform unauthorized actions. \n\nNote: The default account OsmcO has been removed for all fresh installations of versions of the products that contain the\nfixes. The account cannot be removed from the user database for upgrade situations, however all servlets that use this\naccount have been removed from the application making the account obsolete. Open a Service Request to have the hotfix\nor ePack installed. Contact Dell EMC Support with any questions. \n\nCredits:\nDell EMC would like to thank Carlos Perez from Tenable for reporting these vulnerabilities. \n \n\nFor an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307. Dell EMC recommends all customers\ntake into account both the base score and any relevant temporal and environmental scores which may impact the\npotential severity associated with particular security vulnerability. \n\nLegal Information: Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the\nproblems described herein. If you have any questions regarding this product alert, contact Dell EMC Technical\nSupport at 1-877-534-2867. Dell EMC recommends that all users determine the\napplicability of this information to their individual situations and take appropriate action. The information set forth herein is\nprovided \"as is\" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied,\nincluding the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall\nDell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of\nbusiness profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. \nSome states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing\nlimitation may not apply. \n\nDell EMC Product Security Response Center\nsecurity_alert@emc.com\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQEcBAEBCgAGBQJagPFFAAoJEHbcu+fsE81ZivMH/0s0r4XFxvW9tL+l8zkGdJIc\nuRjYTAr5iE4I8PaLw0S/MYVIr2YbpBcaP5QuUbNENWr/aaPHtccE3Gou6Bv72FK0\nCU2qMdV9kjWbhHvbIjrnS2RsNjTekWSIDjYJPdkHk03thutYa3Loy7bX42LJe6E7\n+slgZjR5zkATMvGis2R/nEj40phxxA+I/dUJIMjbT7emBCSBL5IAlvmuznzChm31\nhklk6F/YDI/iOC8GBo0PwNf2F6PBUJbR78B6ppLeHP8AygLdu/AZZX/5eHyDGBiS\n8eHATltqjU5I8X7fnjKl8UtoL1ohw72tMROiN9164N2xoJQwasMX6Rs3eNpru2c=\n=HaYf\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1216"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002724"
},
{
"db": "CNVD",
"id": "CNVD-2018-06092"
},
{
"db": "BID",
"id": "103039"
},
{
"db": "VULHUB",
"id": "VHN-122091"
},
{
"db": "VULMON",
"id": "CVE-2018-1216"
},
{
"db": "PACKETSTORM",
"id": "146367"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1216",
"trust": 3.6
},
{
"db": "BID",
"id": "103039",
"trust": 2.9
},
{
"db": "TENABLE",
"id": "TRA-2018-03",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1040383",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002724",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-237",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-06092",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122091",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1216",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146367",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06092"
},
{
"db": "VULHUB",
"id": "VHN-122091"
},
{
"db": "VULMON",
"id": "CVE-2018-1216"
},
{
"db": "BID",
"id": "103039"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002724"
},
{
"db": "PACKETSTORM",
"id": "146367"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-237"
},
{
"db": "NVD",
"id": "CVE-2018-1216"
}
]
},
"id": "VAR-201803-1428",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06092"
},
{
"db": "VULHUB",
"id": "VHN-122091"
}
],
"trust": 1.223174735
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06092"
}
]
},
"last_update_date": "2024-11-23T22:12:38.545000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dellemc.com/en-us/index.htm"
},
{
"title": "Patches for unauthorized access to vulnerabilities in several Dell products vAppManager",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/123005"
},
{
"title": "Multiple Dell product vApp Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78973"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/02/15/sell_emc_patches_vmax_virtual_appliance_vulnerabilities/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/dell-emc-patches-critical-flaws-in-vmax-enterprise-storage-systems/129952/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06092"
},
{
"db": "VULMON",
"id": "CVE-2018-1216"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002724"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-237"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122091"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002724"
},
{
"db": "NVD",
"id": "CVE-2018-1216"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://seclists.org/fulldisclosure/2018/feb/41"
},
{
"trust": 2.0,
"url": "http://www.securityfocus.com/bid/103039"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/research/tra-2018-03"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1040383"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1216"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1216"
},
{
"trust": 0.3,
"url": "http://dell.com"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2018/feb/att-38/dsa-2018-024.txt"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=56815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/dell-emc-patches-critical-flaws-in-vmax-enterprise-storage-systems/129952/"
},
{
"trust": 0.1,
"url": "https://support.emc.com/downloads/40557_vasa-provider."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1215"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06092"
},
{
"db": "VULHUB",
"id": "VHN-122091"
},
{
"db": "VULMON",
"id": "CVE-2018-1216"
},
{
"db": "BID",
"id": "103039"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002724"
},
{
"db": "PACKETSTORM",
"id": "146367"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-237"
},
{
"db": "NVD",
"id": "CVE-2018-1216"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-06092"
},
{
"db": "VULHUB",
"id": "VHN-122091"
},
{
"db": "VULMON",
"id": "CVE-2018-1216"
},
{
"db": "BID",
"id": "103039"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002724"
},
{
"db": "PACKETSTORM",
"id": "146367"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-237"
},
{
"db": "NVD",
"id": "CVE-2018-1216"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06092"
},
{
"date": "2018-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-122091"
},
{
"date": "2018-03-08T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1216"
},
{
"date": "2018-02-12T00:00:00",
"db": "BID",
"id": "103039"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002724"
},
{
"date": "2018-02-13T17:32:32",
"db": "PACKETSTORM",
"id": "146367"
},
{
"date": "2018-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-237"
},
{
"date": "2018-03-08T15:29:00.627000",
"db": "NVD",
"id": "CVE-2018-1216"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06092"
},
{
"date": "2018-03-29T00:00:00",
"db": "VULHUB",
"id": "VHN-122091"
},
{
"date": "2018-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1216"
},
{
"date": "2018-02-12T00:00:00",
"db": "BID",
"id": "103039"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002724"
},
{
"date": "2018-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-237"
},
{
"date": "2024-11-21T03:59:24.497000",
"db": "NVD",
"id": "CVE-2018-1216"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-237"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dell EMC Vulnerabilities related to the use of hard-coded credentials in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-237"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…