CVE-2024-28977 Vulnerability Details

  /     /     /  

CVE-2024-28977 Metadata Quick Info

CVE Published: 24/04/2024 | CVE Updated: 02/08/2024 | CVE Year: 2024
Source: dell | Vendor: Dell | Product: Dell Repository Manager (DRM)
Status : PUBLISHED

---

CVE-2024-28977 Description

Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application.

Metrics

CVSS Version: 3.1 | Base Score: 3.3 LOW
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-20
CWE Name: CWE-20: Improper Input Validation
Source: Dell

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).