CVE-2016-0910

Properties

Published:
08.06.2016
Updated:
25.06.2016
Patch available:
Severity:
Medium
CVSS vector:
(AV:L/AC:L/Au:S/C:P/I:P/A:P)
Product:
emc: data_domain_os
emc: data_domain_os
emc: data_domain_os

Vulnerability description

EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors.

References:

SECTRACK: http://www.securitytracker.com/id/1036074
BUGTRAQ: http://seclists.org/bugtraq/2016/Jun/44
MISC: http://packetstormsecurity.com/files/137383/EMC-Data-Domain-Information-Disclosure.html