CVE-2024-28961
EUVD-2024-2602329.04.2024, 09:15
Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| dell | openmanage_enterprise | 4.0 |
| dell | openmanage_enterprise | 4.0.1 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| dell | openmanage | 4.0.0 | CNA |
| dell | openmanage | 4.0.1 | CNA |
Common Weakness Enumeration
- CWE-256 - Plaintext Storage of a PasswordStoring a password in plaintext may result in a system compromise.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.