CVE-2024-22433 is a vulnerability in Dell Data Protection Search
Published on February 6, 2024

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.


Vulnerability Analysis

CVE-2024-22433 can be exploited with network access and requires neither authorization privileges nor user interaction. Its attack complexity is considered low, and it has the highest possible exploitability rating (3.9). The potential impact of an exploit is considered critical, as the vulnerability has a high impact on the confidentiality, integrity and availability of this component.



What versions of Data Protection Search are vulnerable to CVE-2024-22433?