Dell Update Manager Plugin Vulnerability Could Lead to Password Disclosure

CVE-2024-28971

3.5LOW

Key Information

Vendor: Dell
Status: Update Manager Plugin
Vendor: CVE Published:; 8 May 2024

Summary

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Affected Version(s)

Update Manager Plugin <= 1.5.0

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
May 8, 2024
Vulnerability Reserved.
Mar 13, 2024

Collectors

NVD DatabaseMitre Database