CVE-2024-28976 HIGH

CVE-2024-28976

Vendor Dell
Product Dell Repository Manager (DRM)
Weakness CWE-20 · Input validation
Published April 24, 2024
Last update August 21, 2024

CVSS base score

8.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application.

Key dates

02Disclosure timeline

April 24, 2024 CVE published
August 21, 2024 Record updated