CVE-2024-22433
HIGHDescription
Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.
Is your site exposed to CVE-2024-22433?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dell | data_protection_search |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-22433? +
How severe is CVE-2024-22433? +
What products are affected by CVE-2024-22433? +
How do I check if I'm vulnerable to CVE-2024-22433? +
Related Vulnerabilities
During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret …
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after …
TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in …
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that …
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version …
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, …