CVE-2024-37143

Published: Dec 10, 2024Modified: Jan 22, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system.

Affected (6)

Products: Dell: Data Lakehouse, Insightiq, Powerflex Appliance Intelligent Catalog, Powerflex Manager, Powerflex Rack Release Certification Matrix

Dell

5 products

Data Lakehouse

Insightiq

Powerflex Appliance Intelligent Catalog

Powerflex Manager

Powerflex Rack Release Certification Matrix

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Dell Data Lakehouse	Before 1.2.0.0
Dell Insightiq	Before 5.1.1
Dell Powerflex Appliance Intelligent Catalog	Before 46.376.00
Dell Powerflex Manager	Before 4.6.1.0
Dell Powerflex Rack Release Certification Matrix	From 3.7.0.0 to 3.7.6.0
Dell Powerflex Rack Release Certification Matrix	From 3.8.0.0 to 3.8.1.0

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (1)

https://www.dell.com/support/kbdoc/en-us/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.