Arbitrary File Read Vulnerability in Dell vApp Manager
CVE-2023-48661

4.9MEDIUM

Key Information:

Vendor: Dell
Status: vApp Manager
Vendor: CVE Published:; 14 December 2023

Summary

Dell vApp Manager, in versions prior to 9.2.4.x, has a security weakness that allows a remote user with elevated privileges to read arbitrary files from the system. This issue can be exploited, leading to exposure of sensitive information stored on the server, posing significant risks to the system's integrity. It is crucial for users of affected versions to implement corrective measures as recommended by the vendor.

Affected Version(s)

vApp Manager Versions prior to 9.2.4.x

References

https://www.dell.com/support/kbdoc/en-us/000220427/dsa-20...

vendor-advisory

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Nov 17, 2023

Credit

Dell Technologies would like to thank 33a6099 for reporting these issues.