CVE-2023-39244

Published: Feb 15, 2024Modified: Jan 23, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.

Affected (1)

Products: Dell: Enterprise Storage Integrator For Sap Landscape Management

1 product

Enterprise Storage Integrator For Sap Landscape Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Enterprise Storage Integrator For Sap Landscape Management	Before 10.0.0.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.