CVE-2024-28979

Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in UI. A high privileged local attacker could potentially exploit this vulnerability, leading to JavaScript injection.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000224642/dsa-2024-202-security-update-for-dell-openmanage-enterprise-vulnerability	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:openmanage_enterprise:*:*:*:*:*:*:*:*

History

23 May 2024, 19:05

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.1~~	v2 : unknown v3 : 4.8
CPE		cpe:2.3:a:dell:openmanage_enterprise::::::::
CWE		CWE-79
References	~~() https://www.dell.com/support/kbdoc/en-us/000224642/dsa-2024-202-security-update-for-dell-openmanage-enterprise-vulnerability -~~	() https://www.dell.com/support/kbdoc/en-us/000224642/dsa-2024-202-security-update-for-dell-openmanage-enterprise-vulnerability - Vendor Advisory
First Time		Dell Dell openmanage Enterprise
Summary		(es) Dell OpenManage Enterprise, versiones anteriores a la 4.1.0, contiene una vulnerabilidad de inyección XSS en la interfaz de usuario. Un atacante local con privilegios elevados podría explotar esta vulnerabilidad, lo que provocaría una inyección de JavaScript.

01 May 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-01 04:15

Updated : 2024-05-23 19:05

NVD link : CVE-2024-28979

Mitre link : CVE-2024-28979

CVE.ORG link : CVE-2024-28979

JSON object : View

Products Affected

dell

openmanage_enterprise

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-20

Improper Input Validation

{"id": "CVE-2024-28979", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.0}]}, "published": "2024-05-01T04:15:10.387", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000224642/dsa-2024-202-security-update-for-dell-openmanage-enterprise-vulnerability", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in UI. A high privileged local attacker could potentially exploit this vulnerability, leading to JavaScript injection."}, {"lang": "es", "value": "Dell OpenManage Enterprise, versiones anteriores a la 4.1.0, contiene una vulnerabilidad de inyecci\u00f3n XSS en la interfaz de usuario. Un atacante local con privilegios elevados podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda una inyecci\u00f3n de JavaScript."}], "lastModified": "2024-05-23T19:05:51.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:openmanage_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D5A1D00-2AB4-4F92-9CF6-DB82E68B5A01", "versionEndExcluding": "4.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}