CVE-2024-22432
7.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | NetWorker Module for Databases and Applications - Oracle | 19.9 <= 19.9.0.3 | affected |
| Dell | NetWorker Module for Databases and Applications - Oracle | 19.8 <= 19.8.0.4 | affected |
| Dell | NetWorker Module for Databases and Applications - Oracle | 19.7 <= 19.7.0.5 | affected |
| Dell | NetWorker Module for Databases and Applications - Oracle | 19.7.1 | affected |
| Dell | NetWorker Module for Databases and Applications - Oracle | 0 < 19.7 | affected |
Weaknesses
- CWE-256: CWE-256: Plaintext Storage of a Password
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.