Dell Data Lakehouse 1.0.0.0: DDAE (Starburst) Missing Encrypt for Sensitive Data
CVE-2024-38302 Published on July 18, 2024

Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Missing Encryption of Sensitive Data

The software does not encrypt sensitive or critical information before storage or transmission. The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.


Products Associated with CVE-2024-38302

Want to know whenever a new CVE is published for Dell Data Lakehouse? stack.watch will email you.

Dell Data Lakehouse
 

Affected Versions

Dell Data Lakehouse Version 1.0.0.0 is affected by CVE-2024-38302

Exploit Probability

EPSS
0.07%
Percentile
21.13%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.