CVE-2024-22455

Name of the Vulnerable Software and Affected Versions Dell Mobility - E-Lab Navigator versions 3.1.9 through 3.2.0

Description The issue allows an unauthenticated attacker with local access to potentially exploit the vulnerability, leading to the launch of phishing attacks. It is related to an Insecure Direct Object Reference Vulnerability in Feedback submission, which could be manipulated by an attacker.

Recommendations For versions 3.1.9 and 3.2.0, consider restricting access to the Feedback submission feature until a patch is available. As a temporary workaround, avoid using the vulnerable Feedback submission feature in Dell E-Lab Navigator until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.