PT-2024-22657 · Dell · Dell Repository Manager

Jakub Brzozowski +1 · Published 2024-04-24 · Updated 2025-01-21 · CVE-2024-28976

CVSS v3.1

8.8 High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell Repository Manager versions prior to 3.4.5

Description

The issue concerns a Path Traversal vulnerability in the API module. A local attacker with low privileges could potentially exploit this to gain unauthorized write access to files on the server filesystem with the privileges of the running web application.

Recommendations

For versions prior to 3.4.5, update to version 3.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the API module to minimize the risk of exploitation.

Fix

Path traversal

RCE

Weakness Enumeration

Related Identifiers

CVE-2024-28976

Affected Products

Dell Repository Manager