Dell DP Search 19.2.0+ LDAP Password Exposure via LdapSettings
CVE-2024-22433 Published on February 6, 2024
Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.
Vulnerability Analysis
CVE-2024-22433 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and a small impact on availability.
Weakness Type
Insertion of Sensitive Information into Externally-Accessible File or Directory
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
Products Associated with CVE-2024-22433
Want to know whenever a new CVE is published for Dell Data Protection Search? stack.watch will email you.
Affected Versions
Dell Data Protection Search:- Version 19.2.0 is affected.
- Version 19.3.0 is affected.
- Version 19.4.0 is affected.
- Version 19.5.0 is affected.
- Version 19.5.1 is affected.
- Version 19.6.0 is affected.
- Version 19.6.1 is affected.
- Version 19.6.2 is affected.
- Version 19.6.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.