CVE-2024-28971 LOW

CVE-2024-28971

Vendor Dell
Product Update Manager Plugin
Weakness CWE-256
Published May 8, 2024
Last update August 2, 2024

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Key dates

02Disclosure timeline

May 8, 2024 CVE published
August 2, 2024 Record updated