#VU14127 Information disclosure in EMC NetWorker Server - CVE-2018-11050

 


Published: July 31, 2018 / Updated: July 31, 2018


Vulnerability identifier: #VU14127
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-11050
CWE-ID: CWE-312
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
EMC NetWorker Server
Software vendor:
Dell

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information.

The vulnerability exists due to a flaw in the RabbitMQ Advanced Message Queuing Protocol (AMQP) component. A remote attacker monitoring the local network collision domain can obtain cleartext passwords that are sent to the remote AMQP service and access the target component with the privileges of the target user.


Remediation

The vulnerability has been addressed in versions 9.1.1.9, 9.2.1.4, and 18.1.0.2.

External links