Dell Data Lakehouse Vulnerable to Missing Encryption of Sensitive Data

CVE-2024-38302

6.8MEDIUM

Key Information

Vendor
Dell
Status
Dell Data Lakehouse
Vendor
CVE Published:
18 July 2024

Summary

Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.

Affected Version(s)

Dell Data Lakehouse = 1.0.0.0

References

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.