CVE-2024-28971
LOWDescription
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dell | openmanage_enterprise_update_manager |
References
Frequently Asked Questions
What is CVE-2024-28971? +
How severe is CVE-2024-28971? +
What products are affected by CVE-2024-28971? +
How do I check if I'm vulnerable to CVE-2024-28971? +
Related Vulnerabilities
WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor …
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the …
Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5.
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A …
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID …
LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in …