1. Home
  2. CVE Database
  3. CVE-2024-28971
LOW · 3.5

CVE-2024-28971

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerabili...

Vulnerability Description

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
DellOpenmanage Enterprise Update Manager>= 1.4.0, < 1.5.1

Related Weaknesses (CWE)

CWE-522CWE-256

References

FAQ

What is CVE-2024-28971?

CVE-2024-28971 is a vulnerability with a CVSS score of 3.5 (LOW). Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerabili...

How severe is CVE-2024-28971?

CVE-2024-28971 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-28971?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Openmanage Enterprise Update Manager.