CVE-2024-37135

Published: Jul 31, 2024Modified: Nov 22, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Affected (1)

Products: Dell: Dm5500 Firmware

1 product

Dm5500 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Dm5500 Firmware	Before 5.17.0.0

Running on/with	Platform Versions
Dell Dm5500	All versions

Related CWEs

Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

References (1)

https://www.dell.com/support/kbdoc/en-us/000227424/dsa-2024-290-security-update-for-dell-powerprotect-data-manager-appliance-dm5500-for-multiple-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.