CVE-2024-22432 HIGH

CVE-2024-22432

Vendor Dell
Product NetWorker Module for Databases and Applications - Oracle
Weakness CWE-256
Published January 25, 2024
Last update August 29, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.

Key dates

02Disclosure timeline

January 25, 2024 CVE published
August 29, 2024 Record updated