CVE-2015-0529

Published Apr 5, 2015

Last updated 8 years ago

Overview

Description: EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session.
Source: security_alert@emc.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-255

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:emc:powerpath_virtual_appliance:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5BCFDE1-A7BD-48AE-986A-D5665EC41DE2",
            "versionEndIncluding": "1.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References