Dell PowerStore <3.5.0.1 Log Sensitive Leakage
CVE-2023-32478 Published on July 21, 2023

Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-32478 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.


Products Associated with CVE-2023-32478

Want to know whenever a new CVE is published for Dell Powerstoreos? stack.watch will email you.

Dell Powerstoreos
 

Affected Versions

Dell PowerStore Version Versions prior to 3.5.0.1-2083289 is affected by CVE-2023-32478

Exploit Probability

EPSS
0.16%
Percentile
36.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.