CVE-2024-47481

Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000240535/dsa-2024-419-security-update-for-dell-data-lakehouse-system-software-for-multiple-third-party-component-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:data_lakehouse:1.0.0.0:::::::*
	cpe:2.3:a:dell:data_lakehouse:1.1.0.0:::::::*

History

31 Oct 2024, 00:01

Type	Values Removed	Values Added
First Time		Dell Dell data Lakehouse
CPE		cpe:2.3:a:dell:data_lakehouse:1.0.0.0:::::::* cpe:2.3:a:dell:data_lakehouse:1.1.0.0:::::::*
Summary		(es) Dell Data Lakehouse, versiones 1.0.0.0, 1.1.0., contiene una vulnerabilidad de control de acceso inadecuado. Un atacante no autenticado con acceso a la red adyacente podría aprovechar esta vulnerabilidad, lo que provocaría una denegación de servicio.
References	~~() https://www.dell.com/support/kbdoc/en-us/000240535/dsa-2024-419-security-update-for-dell-data-lakehouse-system-software-for-multiple-third-party-component-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000240535/dsa-2024-419-security-update-for-dell-data-lakehouse-system-software-for-multiple-third-party-component-vulnerabilities - Vendor Advisory
CWE		NVD-CWE-Other

25 Oct 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-25 11:15

Updated : 2024-10-31 00:01

NVD link : CVE-2024-47481

Mitre link : CVE-2024-47481

CVE.ORG link : CVE-2024-47481

JSON object : View

Products Affected

dell

data_lakehouse

CWE

NVD-CWE-Other CWE-284

Improper Access Control

{"id": "CVE-2024-47481", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-10-25T11:15:17.717", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000240535/dsa-2024-419-security-update-for-dell-data-lakehouse-system-software-for-multiple-third-party-component-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service."}, {"lang": "es", "value": "Dell Data Lakehouse, versiones 1.0.0.0, 1.1.0., contiene una vulnerabilidad de control de acceso inadecuado. Un atacante no autenticado con acceso a la red adyacente podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda una denegaci\u00f3n de servicio."}], "lastModified": "2024-10-31T00:01:40.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:data_lakehouse:1.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "839FBFDF-07D0-4D53-A264-D66DC6CB91D1"}, {"criteria": "cpe:2.3:a:dell:data_lakehouse:1.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F92033EC-EA61-41E5-AB84-F2A560BBAF81"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}

6.5 /10