6.5
CVE-2024-0157
- EPSS 0.4%
- Veröffentlicht 12.04.2024 17:17:21
- Zuletzt bearbeitet 04.02.2025 17:08:51
- Quelle security_alert@emc.com
- CVE-Watchlists
- Unerledigt
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Storage Monitoring And Reporting Version < 5.0.0.0
Dell ≫ Storage Resource Manager Version < 5.0.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.315 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| security_alert@emc.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-384 Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities