CVE-2024-22433

Summary

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.

Affected Software

VendorProductVersion RangeStatus
DellData Protection Search19.2.0affected
DellData Protection Search19.3.0affected
DellData Protection Search19.4.0affected
DellData Protection Search19.5.0affected
DellData Protection Search19.5.1affected
DellData Protection Search19.6.0affected
DellData Protection Search19.6.1affected
DellData Protection Search19.6.2affected
DellData Protection Search19.6.3affected

Weaknesses

  • CWE-538: CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References