Vulnerability Details : CVE-2023-39244
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.
Vulnerability category: Information leak
Products affected by CVE-2023-39244
- cpe:2.3:a:dell:enterprise_storage_integrator_for_sap_landscape_management:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-39244
0.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-39244
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2025-01-23 |
|
7.3
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
3.9
|
3.4
|
Dell | 2024-02-15 |
CWE ids for CVE-2023-39244
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: security_alert@emc.com (Secondary)
References for CVE-2023-39244
-
https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities
DSA-2023-299: Security Update for Dell ESI (Enterprise Storage Integrator) for SAP LAMA multiple security vulnerabilities. | Dell USVendor Advisory
Jump to