Lucene search

DellCVELIST:CVE-2024-39582

HistorySep 10, 2024 - 9:04 a.m.

CVE-2024-39582

2024-09-1009:04:50

CWE-798

dell

www.cve.org

dell powerscale

hard coded credentials

local access

information disclosure

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

9.6%

JSON

Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerScale InsightIQ",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "5.0"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000228412/dsa-2024-360-security-update-for-dell-powerscale-insightiq-for-multiple-security-vulnerabilities

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

9.6%

JSON

Related for CVELIST:CVE-2024-39582