Lucene search

DellCVELIST:CVE-2024-28961

HistoryApr 29, 2024 - 8:25 a.m.

CVE-2024-28961

2024-04-2908:25:28

CWE-256

dell

www.cve.org

dell openmanage

sensitive information disclosure

unauthorized access

elevated privileges

upgrade

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell OpenManage Enterprise",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0"
      },
      {
        "status": "affected",
        "version": "4.0.1"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000224251/dsa-2024-184-security-update-for-dell-openmanage-enterprise-vulnerability