4.3
CVE-2024-22229
- EPSS 0.16%
- Veröffentlicht 24.01.2024 17:15:08
- Zuletzt bearbeitet 21.11.2024 08:55:50
- Quelle security_alert@emc.com
- Teams Watchlist Login
- Unerledigt Login
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Unity Operating Environment Version5.3.0.0.5.120
Dell ≫ Unity Xt Operating Environment Version5.3.0.0.5.120
Dell ≫ Unityvsa Operating Environment Version5.3.0.0.5.120
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.373 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| security_alert@emc.com | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-116 Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
CWE-117 Improper Output Neutralization for Logs
The product does not neutralize or incorrectly neutralizes output that is written to logs.