HIGH✓ PATCH🇬🇧 English

CVE-2024-37144

CVSS 8.2v3.1pub. 2024-12-10upd. 2026-01-22

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Dell Data Lakehouse

    APP
    Dell
    < 1.2.0.0
  • Dell Insightiq

    APP
    Dell
    < 5.1.1
  • Dell Powerflex Appliance Intelligent Catalog

    APP
    Dell
    < 46.376.00
  • Dell Powerflex Manager

    APP
    Dell
    < 4.6.1.0
  • Dell Powerflex Rack Release Certification Matrix

    APP
    Dell
    3.7.0.0 – 3.7.6.0 (bez)3.8.0.0 – 3.8.1.0 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2025-46608CRITICAL9.1PL ✓ten sam produkt

Nieprawidłowa kontrola dostępu w Dell Data Lakehouse — Elevation of Privileges

CVE-2024-37143CRITICAL10.0PL ✓ten sam produkt

Krytyczna podatność RCE w produktach Dell PowerFlex, InsightIQ i Data Lakehouse

CVE-2026-32804HIGH8.1ten sam produkt

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An u...

CVE-2026-22283HIGH7.5ten sam produkt

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from Untrusted C...

CVE-2026-35065HIGH8.8ten sam produkt

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Missing Authentication for Critical Function...