Dell Data Lakehouse Vulnerable to Missing Encryption of Sensitive Data
CVE-2024-38302

5.7MEDIUM

Key Information:

Vendor: Dell
Status: Dell Data Lakehouse
Vendor: CVE Published:; 18 July 2024

Summary

Dell Data Lakehouse versions 1.0.0.0 have a vulnerability related to missing encryption of sensitive data in the DDAE (Starburst) component. An attacker with low privileges and adjacent network access could exploit this flaw, potentially leading to unauthorized disclosure of sensitive information. Organizations using affected versions should apply the relevant security updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Dell Data Lakehouse 1.0.0.0

References

https://www.dell.com/support/kbdoc/en-us/000227053/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2024
Vulnerability Reserved
Jun 13, 2024