CVE-2024-47481

Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000240535/dsa-2024-419-security-update-for-dell-data-lakehouse-system-software-for-multiple-third-party-component-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:data_lakehouse:1.0.0.0:::::::*
	cpe:2.3:a:dell:data_lakehouse:1.1.0.0:::::::*

History

No history.

Information

Published : 2024-10-25 11:15

Updated : 2024-10-31 00:01

NVD link : CVE-2024-47481

Mitre link : CVE-2024-47481

CVE.ORG link : CVE-2024-47481

JSON object : View

Products Affected

dell

data_lakehouse

CWE

CWE-284

Improper Access Control

NVD-CWE-Other

{"id": "CVE-2024-47481", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-10-25T11:15:17.717", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000240535/dsa-2024-419-security-update-for-dell-data-lakehouse-system-software-for-multiple-third-party-component-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service."}, {"lang": "es", "value": "Dell Data Lakehouse, versiones 1.0.0.0, 1.1.0., contiene una vulnerabilidad de control de acceso inadecuado. Un atacante no autenticado con acceso a la red adyacente podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda una denegaci\u00f3n de servicio."}], "lastModified": "2024-10-31T00:01:40.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:data_lakehouse:1.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "839FBFDF-07D0-4D53-A264-D66DC6CB91D1"}, {"criteria": "cpe:2.3:a:dell:data_lakehouse:1.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F92033EC-EA61-41E5-AB84-F2A560BBAF81"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}