Dell SRM Vulnerable to Session Fixation Attack
CVE-2024-0157

6.5MEDIUM

Key Information:

Vendor: Dell
Status: Dell Storage Resource Manager
Vendor: CVE Published:; 12 April 2024

What is CVE-2024-0157?

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.

Affected Version(s)

Dell Storage Resource Manager < 5.0.0.0

References

https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2024
Vulnerability Reserved
Dec 14, 2023

JSON