{"api_version":"1","generated_at":"2026-05-13T11:00:50+00:00","cve":"CVE-2014-4620","urls":{"html":"https://cve.report/CVE-2014-4620","api":"https://cve.report/api/cve/CVE-2014-4620.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-4620","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-4620"},"summary":{"title":"CVE-2014-4620","description":"The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.","state":"PUBLISHED","assigner":"dell","published_at":"2014-10-25 10:55:06","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-200","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"2.1","severity":"","vector":"AV:L/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securitytracker.com/id/1031116","name":"http://www.securitytracker.com/id/1031116","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"EMC NetWorker Module for MEDITECH Password Disclosure Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/70726","name":"http://www.securityfocus.com/bid/70726","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"EMC NetWorker Module for MEDITECH CVE-2014-4620 Local Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/97756","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/97756","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html","name":"http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://secunia.com/advisories/61952","name":"http://secunia.com/advisories/61952","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Security Advisory SA61952 - EMC NetWorker Module for Meditech Credentials Logging Security Issue - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html","name":"http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"EMC NetWorker Module For MEDITECH (NMMEDI) Information Disclosure ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-4620","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4620","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"4620","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"networker","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4620","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"meditech","cpe5":"meditech","cpe6":"3.0","cpe7":"87","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4620","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"meditech","cpe5":"meditech","cpe6":"3.0","cpe7":"90","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T11:20:26.651Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"},{"name":"1031116","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1031116"},{"name":"70726","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/70726"},{"name":"emc-networker-cve20144620-info-disc(97756)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"},{"name":"61952","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61952"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2014-10-22T00:00:00.000Z","descriptions":[{"lang":"en","value":"The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-28T12:57:01.000Z","orgId":"c550e75a-17ff-4988-97f0-544cde3820fe","shortName":"dell"},"references":[{"name":"20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"},{"name":"1031116","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1031116"},{"name":"70726","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/70726"},{"name":"emc-networker-cve20144620-info-disc(97756)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"},{"name":"61952","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61952"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security_alert@emc.com","ID":"CVE-2014-4620","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability","refsource":"BUGTRAQ","url":"http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"},{"name":"1031116","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1031116"},{"name":"70726","refsource":"BID","url":"http://www.securityfocus.com/bid/70726"},{"name":"emc-networker-cve20144620-info-disc(97756)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"},{"name":"http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"},{"name":"61952","refsource":"SECUNIA","url":"http://secunia.com/advisories/61952"}]}}}},"cveMetadata":{"assignerOrgId":"c550e75a-17ff-4988-97f0-544cde3820fe","assignerShortName":"dell","cveId":"CVE-2014-4620","datePublished":"2014-10-25T10:00:00.000Z","dateReserved":"2014-06-24T00:00:00.000Z","dateUpdated":"2024-08-06T11:20:26.651Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-10-25 10:55:06","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-200","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:meditech:meditech:3.0:87:*:*:*:*:*:*","matchCriteriaId":"E0C60C50-0F94-42C1-8A5E-4619A246DFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:meditech:meditech:3.0:90:*:*:*:*:*:*","matchCriteriaId":"AE45304B-075F-4F4E-9405-B641A27BC8CA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:networker:*:*:*:*:*:*:*:*","matchCriteriaId":"A4DAF0D5-7EFF-4F23-BAC4-04F8749E400A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"4620","Ordinal":"1","Title":"CVE-2014-4620","CVE":"CVE-2014-4620","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"4620","Ordinal":"1","NoteData":"The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.","Type":"Description","Title":"CVE-2014-4620"},{"CveYear":"2014","CveId":"4620","Ordinal":"2","NoteData":"2014-10-25","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"4620","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}