Dell EMC ScaleIO Buffer Overflow / Command Injection Vulnerability

Dell EMC ScaleIO customers are encouraged to update to ScaleIO version 2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system. Dell EMC Identifier: DSA-2018-058 C...

CVE-2018-1237

CVE-2018-1237 affects Dell EMC ScaleIO versions prior to 2.5. The vulnerability resides in the Light Installation Agent (LIA) and stems from improper restriction of excessive authentication attempts. A remote attacker with network access to LIA could brute-force usernames and passwords on LIA-man...