CVE-2024-0157

Published: Apr 12, 2024Modified: Feb 4, 2025

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.

Affected (2)

Products: Dell: Storage Monitoring And Reporting, Storage Resource Manager

2 products

Storage Monitoring And Reporting

Storage Resource Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Storage Monitoring And Reporting	Before 5.0.0.0
Dell Storage Resource Manager	Before 5.0.0.0

Related CWEs

Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.