CVE-2024-47483: SQL Injection
First published: Fri Oct 25 2024(Updated: )
Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Data Lakehouse | =1.0.0.0 | |
| Dell Data Lakehouse | =1.1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-47483?
CVE-2024-47483 is considered a medium severity SQL injection vulnerability that can lead to information disclosure.
How do I fix CVE-2024-47483?
To fix CVE-2024-47483, update Dell Data Lakehouse to version 1.1.0.1 or later, which contains the necessary patches.
Who is affected by CVE-2024-47483?
CVE-2024-47483 affects users of Dell Data Lakehouse versions 1.0.0.0 and 1.1.0.0.
What type of attack is possible with CVE-2024-47483?
An attacker can exploit CVE-2024-47483 through SQL injection to potentially disclose sensitive information.
Is authentication required to exploit CVE-2024-47483?
No, an unauthenticated attacker with local access can exploit CVE-2024-47483.
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/dell
- canonical/dell data lakehouse
- version/dell data lakehouse/1.0.0.0
- version/dell data lakehouse/1.1.0.0