History: May 08, 2024 - 3:37 p.m.

CVE-2024-28971

2024-05-08 15:37:31
CWE-256
dell
www.cve.org
Tags: dell update manager, plain-text password, log file, vulnerability, remote attacker, user credentials, compromised account

CVSS3: 3.5 Low

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

AI Score: 4.1 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Update Manager Plugin",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "1.5.0",
        "status": "affected",
        "version": "1.4.0",
        "versionType": "semver"
      }
    ]
  }
]
