CVE-2024-28971
First published: Wed May 08 2024(Updated: )
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell OpenManage | >=1.4.0<1.5.1 | |
| Dell Update | >=1.4.0<=1.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-28971?
CVE-2024-28971 is classified as a high severity vulnerability due to the potential for credential disclosure.
How do I fix CVE-2024-28971?
To fix CVE-2024-28971, update the Dell Update Manager Plugin to version 1.5.1 or later.
Who is affected by CVE-2024-28971?
CVE-2024-28971 affects users of the Dell Update Manager Plugin versions 1.4.0 through 1.5.0.
What type of vulnerability is CVE-2024-28971?
CVE-2024-28971 is a Plain-text Password Storage Vulnerability in log files.
Can CVE-2024-28971 be exploited remotely?
Yes, a remote high privileged attacker could potentially exploit CVE-2024-28971.
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/guess-ai
- vendor/dell
- canonical/dell openmanage
- version/dell openmanage/1.4.0
- canonical/dell update