CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-39245

CVSS 9.8v3.1pub. 2024-02-15upd. 2025-01-23

DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.

🤖 AI Analysis
How it works

The vulnerability results from transmitting sensitive information (including login credentials) without proper encryption (CWE-319 – Cleartext Transmission of Sensitive Information). An attacker in a network eavesdropping position can intercept the transmission and read administrator authentication data from it. No authorization or user interaction on the victim's side is required.

Impact

An attacker can obtain administrator-level credentials, which in practice means complete takeover of the Dell ESI for SAP LAMA environment — leading to violation of confidentiality, integrity, and availability of data and systems managed by this software.

Mitigation & patch

Apply patches available from the vendor according to references — Dell published security update DSA-2023-299 available at: https://www.dell.com/support/kbdoc/en-us/000216654/

Who is affected

Dell Enterprise Storage Integrator (ESI) for SAP LAMA, version 10.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dell Enterprise Storage Integrator For Sap Landscape Management

    APP
    Dell
    < 10.0.0.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2023-39244HIGH7.3ten sam produkt

DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulner...

CVE-2026-22769CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Dell RecoverPoint for VMs — zahardkodowane dane uwierzytelniające (RCE, root)

CVE-2026-41120CRITICAL9.8PL ✓ten sam vendor

RCE w Dell Wyse Management Suite — akceptacja niezaufanych danych

CVE-2026-40636CRITICAL9.8PL ✓ten sam vendor

Dell ECS / ObjectScale — podatność hard-coded credentials umożliwiająca dostęp do systemu plików

CVE-2025-46608CRITICAL9.1PL ✓ten sam vendor

Nieprawidłowa kontrola dostępu w Dell Data Lakehouse — Elevation of Privileges