Lucene search

DellCVELIST:CVE-2023-28045

HistoryMay 19, 2023 - 8:35 a.m.

CVE-2023-28045

2023-05-1908:35:58

CWE-311

dell

www.cve.org

dell cloudiq collector

encryption vulnerability

sensitive data

unauthorized access

CVSS3

6.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

21.9%

JSON

Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CloudIQ Collector",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "1.10.2"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000213696/dsa-2023-165-dell-cloudiq-collector-security-update-for-missing-encryption-of-sensitive-data-vulnerability

CVSS3

6.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

21.9%

JSON

Related for CVELIST:CVE-2023-28045