CVE-2024-25957

EPSS 0.06%
Veröffentlicht 26.03.2024 16:15:11
Zuletzt bearbeitet 28.01.2025 18:54:00
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Grab SwPlatformwindows Version < 5.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.192

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security_alert@emc.com	4.8	1.3	3.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-25957

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25957

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25957

EUVD