CVE-2024-37144
CVE-2024-37144
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.2EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
10 dez 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Dell · Dell Data LakehouseDell · Dell InsightIQDell · Dell PowerFlex applianceDell · Dell PowerFlex custom nodeDell · Dell PowerFlex rackQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →