Products
DM5500
- 5.16.0.0
Source
security_alert@emc.com
Tags
CVE-2024-37135 details
Published : July 31, 2024, 2:15 p.m.
Last Modified : July 31, 2024, 2:15 p.m.
Last Modified : July 31, 2024, 2:15 p.m.
Description
DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVSS Score
| 1 | 2 | 3.3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-256 | Plaintext Storage of a Password | Storing a password in plaintext may result in a system compromise. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
3.3
Exploitability Score
1.8
Impact Score
1.4
Base Severity
LOW
Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References
| URL | Source |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/000227424/dsa-2024-290-security-update-for-dell-powerprotect-data-manager-appliance-dm5500-for-multiple-vulnerabilities | security_alert@emc.com |
This website uses the NVD API, but is not approved or certified by it.