Design/Logic Flaw

2024-02-0607:15:00

PRIOn knowledge base

www.prio-n.com

dell data protection

exposed password

ldap settings

remote unauthorized access

confidentiality loss

integrity loss

remote takeover

high severity

downstream devices

7.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

42.1%

JSON

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.

CPENameOperatorVersion
data_protection_searchge19.2.0
data_protection_searchlt19.6.4

CPE	Name	Operator	Version
	data_protection_search	ge	19.2.0
	data_protection_search	lt	19.6.4

References

www.dell.com/support/kbdoc/en-us/000221720/dsa-2024-063-security-update-for-dell-data-protection-search-multiple-security-vulnerabilities