PT-2024-2797 · Dell · Dell Unity

Published 2024-02-12 · Updated 2024-02-16 · CVE-2024-22221

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Dell Unity versions prior to 5.4

Description

The Dell Unity Operating Environment does not protect the structure of its SQL queries (SQL injection). A remote authenticated attacker can exploit this to disclose sensitive, protected information.

Recommendations

For versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and limiting the privileges of authenticated users to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2024-02936
CVE-2024-22221

Affected Products

Dell Unity