CVE-2024-37135

{"id": "CVE-2024-37135", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-07-31T14:15:06.373", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000227424/dsa-2024-290-security-update-for-dell-powerprotect-data-manager-appliance-dm5500-for-multiple-vulnerabilities", "source": "security_alert@emc.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-256"}]}], "descriptions": [{"lang": "en", "value": "DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account."}, {"lang": "es", "value": "DM5500 5.16.0.0, contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un atacante local con altos privilegios podr\u00eda explotar esta vulnerabilidad, lo que dar\u00eda lugar a la divulgaci\u00f3n de determinadas credenciales de usuario. Es posible que el atacante pueda utilizar las credenciales expuestas para acceder a la aplicaci\u00f3n vulnerable con los privilegios de la cuenta comprometida."}], "lastModified": "2024-08-01T12:42:36.933", "sourceIdentifier": "security_alert@emc.com"}