CVE-2019-3767

Published: Oct 14, 2019Modified: Nov 21, 2024

8.2

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.5 / Impact: 6.0

Source: NVD

Description

Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems.

Affected (1)

Products: Dell: Imageassist

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Imageassist	Before 8.7.15

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://www.dell.com/support/article/us/en/19/sln318831/dsa-2019-139

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/article/us/en/19/sln318831/dsa-2019-139

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.