Vulnerability Details : CVE-2023-39245
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.
Vulnerability category: Information leak
Products affected by CVE-2023-39245
- cpe:2.3:a:dell:enterprise_storage_integrator_for_sap_landscape_management:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-39245
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 45 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-39245
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2025-01-23 |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Dell | 2024-02-15 |
CWE ids for CVE-2023-39245
-
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.Assigned by: security_alert@emc.com (Secondary)
References for CVE-2023-39245
-
https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities
DSA-2023-299: Security Update for Dell ESI (Enterprise Storage Integrator) for SAP LAMA multiple security vulnerabilities. | Dell USVendor Advisory
Jump to