ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-087: EMC NetWorker Module for MEDITECH NMMEDI Information Disclosure Vulnerability EMC Identifier: ESA-2014-087 CVE Identifier: CVE-2014-4620 Severity Rating: CVSS v2 Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Affected products: • EMC NetWork...

CVE-2014-4620

The EMC NetWorker Module for MEDITECH aka NMMEDI 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files...

CVE-2014-4620

The EMC NetWorker Module for MEDITECH aka NMMEDI 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files...

CVE-2014-4620

CVE-2014-4620 affects EMC NetWorker Module for MEDITECH (NMMEDI) 3.0 builds 87–90. When used with EMC RecoverPoint and Plink, Plink commands print RecoverPoint credentials in clear text to nsrmedisv.raw log files, yielding local information disclosure. Impact is sensitive data exposure in logs. R...