HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2024-22433

CVSS 8.8v3.1pub. 2024-02-06upd. 2024-11-21

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
  • Dell Data Protection Search

    APP
    Dell
    19.2.0 – 19.6.4 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-22769CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Dell RecoverPoint for VMs — zahardkodowane dane uwierzytelniające (RCE, root)

CVE-2026-41120CRITICAL9.8PL ✓ten sam vendor

RCE w Dell Wyse Management Suite — akceptacja niezaufanych danych

CVE-2026-40636CRITICAL9.8PL ✓ten sam vendor

Dell ECS / ObjectScale — podatność hard-coded credentials umożliwiająca dostęp do systemu plików

CVE-2025-46608CRITICAL9.1PL ✓ten sam vendor

Nieprawidłowa kontrola dostępu w Dell Data Lakehouse — Elevation of Privileges

CVE-2025-46364CRITICAL9.1PL ✓ten sam vendor

Dell CloudLink — CLI Escape umożliwia przejęcie kontroli nad systemem