CVE-2024-0157

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities
https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities

Configurations

No configuration.

History

21 Nov 2024, 08:45

Type	Values Removed	Values Added
References	() https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities -	() https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities -

15 Apr 2024, 13:15

Type	Values Removed	Values Added
Summary		(es) Dell Storage Resource Manager, 4.9.0.0 y anteriores, contiene una vulnerabilidad de reparación de sesión en SRM Windows Host Agent. Un atacante no autenticado de una red adyacente podría explotar esta vulnerabilidad, lo que provocaría el secuestro de la sesión de la aplicación del usuario objetivo.

12 Apr 2024, 17:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-12 17:17

Updated : 2024-11-21 08:45

NVD link : CVE-2024-0157

Mitre link : CVE-2024-0157

CVE.ORG link : CVE-2024-0157

JSON object : View

Products Affected

No product.

CWE

CWE-400

Uncontrolled Resource Consumption

5.9 /10