DSA-2024-209: Security Update for Dell Update Manager Plugin Vulnerability

Summary: Dell Update Manager Plugin remediation is available for plaintext password vulnerability in Log file that could be exploited by malicious users to compromise the affected system.

Bu makale şunlar için geçerlidir: Bu makale şunlar için geçerli değildir: Bu makale, belirli bir ürüne bağlı değildir. Bu makalede tüm ürün sürümleri tanımlanmamıştır.
Diğer kaynaklara göz atın

Impact

Low

Details

Proprietary Code CVEs Description  CVSS Base Score CVSS Vector String
CVE-2024-28971 Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description  CVSS Base Score CVSS Vector String
CVE-2024-28971 Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Etkilenen Ürünler ve Düzeltme

Product  Affected Versions  Remediated Versions  Link 
Dell Update Manager Plugin Versions 1.4.0 through 1.5.0 1.5.1 Dell OpenManage Enterprise Update Managerv1.5.1 | Driver Details | Dell US
Product  Affected Versions  Remediated Versions  Link 
Dell Update Manager Plugin Versions 1.4.0 through 1.5.0 1.5.1 Dell OpenManage Enterprise Update Managerv1.5.1 | Driver Details | Dell US
No action required from the customer if UMP-1.5.1 is already installed by the customer. However, we recommend following the workaround mentioned above.

Geçici Çözümler ve Risk Azaltma

CVE ID Workaround and Mitigation
CVE-2024-28971 Remove logs from UMP

Revision History

RevisionDateDescription
1.02024-05-07Initial release
2.02025-04-15Added product tagging for better classification

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Yasal Uyarı

Etkilenen Ürünler

OpenManage Enterprise Update Manager
Makale Özellikleri
Article Number: 000224849
Article Type: Dell Security Advisory
Son Değiştirme: 15 Nis 2025
Sorularınıza diğer Dell kullanıcılarından yanıtlar bulun
Destek Hizmetleri
Aygıtınızın Destek Hizmetleri kapsamında olup olmadığını kontrol edin.