DSA-2024-209: Security Update for Dell Update Manager Plugin Vulnerability
Сводка: Dell Update Manager Plugin remediation is available for plaintext password vulnerability in Log file that could be exploited by malicious users to compromise the affected system.
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Влияние
Low
Подробные сведения
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-28971 | Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 3.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-28971 | Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 3.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N |
Затронутые продукты и исправление
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell Update Manager Plugin | Versions 1.4.0 through 1.5.0 | 1.5.1 | Dell OpenManage Enterprise Update Managerv1.5.1 | Driver Details | Dell US |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell Update Manager Plugin | Versions 1.4.0 through 1.5.0 | 1.5.1 | Dell OpenManage Enterprise Update Managerv1.5.1 | Driver Details | Dell US |
No action required from the customer if UMP-1.5.1 is already installed by the customer. However, we recommend following the workaround mentioned above.
Временные решения и снижение риска
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2024-28971 | Remove logs from UMP |
История изменений
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-05-07 | Initial release |
| 2.0 | 2025-04-15 | Added product tagging for better classification |
Связанная информация
Правовая оговорка
Затронутые продукты
OpenManage Enterprise Update ManagerСвойства статьи
Номер статьи: 000224849
Тип статьи: Dell Security Advisory
Последнее изменение: 15 Apr 2025
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.