PT-2024-22654 · Dell · Dell Update Manager Plugin

Published: 2024-05-08 · Updated: 2025-01-27 · CVE-2024-28971

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Dell Update Manager Plugin versions 1.4.0 through 1.5.0

Description: The issue concerns a Plain-text Password Storage Vulnerability in the log file of the Dell Update Manager Plugin. A remote high privileged attacker could potentially exploit this, leading to the disclosure of certain user credentials. The attacker may then use the exposed credentials to access the vulnerable application with the privileges of the compromised account.

Recommendations: For versions 1.4.0 through 1.5.0, consider restricting access to the log file to minimize the risk of credential exposure until a patch is available. As a temporary workaround, disabling the logging feature or encrypting the log files could help mitigate the risk.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers: CVE-2024-28971

Affected Products: Dell Update Manager Plugin