CVE-2024-28971
https://notcve.org/view.php?id=CVE-2024-28971
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. El complemento Dell Update Manager, versiones 1.4.0 a 1.5.0, contiene una vulnerabilidad de almacenamiento de contraseñas de texto plano en el archivo de registro. Un atacante remoto con altos privilegios podría explotar esta vulnerabilidad, lo que llevaría a la divulgación de ciertas credenciales de usuario. • https://www.dell.com/support/kbdoc/en-us/000224849/dsa-2024-209-security-update-for-dell-update-manager-plugin-vulnerability • CWE-256: Plaintext Storage of a Password •
CVE-2024-28979
https://notcve.org/view.php?id=CVE-2024-28979
Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in UI. A high privileged local attacker could potentially exploit this vulnerability, leading to JavaScript injection. Dell OpenManage Enterprise, versiones anteriores a la 4.1.0, contiene una vulnerabilidad de inyección XSS en la interfaz de usuario. Un atacante local con privilegios elevados podría explotar esta vulnerabilidad, lo que provocaría una inyección de JavaScript. Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. • https://www.dell.com/support/kbdoc/en-us/000224642/dsa-2024-202-security-update-for-dell-openmanage-enterprise-vulnerability • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-28978
https://notcve.org/view.php?id=CVE-2024-28978
Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources. Dell OpenManage Enterprise, versiones 3.10 y 4.0, contiene una vulnerabilidad de control de acceso inadecuado. Un atacante remoto con privilegios elevados podría explotar esta vulnerabilidad, lo que provocaría un acceso no autorizado a los recursos. • https://www.dell.com/support/kbdoc/en-us/000224641/dsa-2024-201-security-update-for-dell-openmanage-enterprise-vulnerability • CWE-284: Improper Access Control •
CVE-2024-3411 – Insufficient Randomness When Validating an IPMI Authenticated Session
https://notcve.org/view.php?id=CVE-2024-3411
Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC device. Las implementaciones de sesiones autenticadas de IPMI no proporcionan suficiente aleatoriedad para proteger contra el secuestro de sesiones, lo que permite a un atacante utilizar un ID de sesión de IPMI predecible o un número aleatorio de BMC débil para eludir los controles de seguridad utilizando paquetes IPMI falsificados para administrar el dispositivo BMC. • https://kb.cert.org/vuls/id/163057 https://www.dell.com/support/kbdoc/en-US/000226504/dsa-2024-295-security-update-for-dell-idrac8-ipmi-session-vulnerability https://www.intel.la/content/dam/www/public/us/en/documents/specification-updates/ipmi-intelligent-platform-mgt-interface-spec-2nd-gen-v2-0-spec-update.pdf •
CVE-2024-28961
https://notcve.org/view.php?id=CVE-2024-28961
Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity. Dell OpenManage Enterprise, versiones 4.0.0 y 4.0.1, contiene una vulnerabilidad de divulgación de información confidencial. Un usuario malicioso local con pocos privilegios podría explotar esta vulnerabilidad para obtener credenciales que conduzcan a un acceso no autorizado con privilegios elevados. • https://www.dell.com/support/kbdoc/en-us/000224251/dsa-2024-184-security-update-for-dell-openmanage-enterprise-vulnerability • CWE-256: Plaintext Storage of a Password •