Lucene search

K
cveDellCVE-2024-28961
HistoryApr 29, 2024 - 9:15 a.m.

CVE-2024-28961

2024-04-2909:15:07
CWE-256
dell
web.nvd.nist.gov
33
cve-2024-28961
dell openmanage enterprise
sensitive information disclosure
unauthorized access
elevated privileges
upgrade recommendation

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

AI Score

5.9

Confidence

Low

EPSS

0

Percentile

9.0%

Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity.

Affected configurations

Vulners
Vulnrichment
Node
dellopenmanage_enterpriseMatch4.0.0
OR
dellopenmanage_enterpriseMatch4.0.1
VendorProductVersionCPE
dellopenmanage_enterprise4.0.0cpe:2.3:a:dell:openmanage_enterprise:4.0.0:*:*:*:*:*:*:*
dellopenmanage_enterprise4.0.1cpe:2.3:a:dell:openmanage_enterprise:4.0.1:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell OpenManage Enterprise",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0"
      },
      {
        "status": "affected",
        "version": "4.0.1"
      }
    ]
  }
]

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

AI Score

5.9

Confidence

Low

EPSS

0

Percentile

9.0%

Related for CVE-2024-28961