PT-2024-5170 · Dell · Dell Repository Manager

Redfr0G · Published 2024-04-23 · Updated 2025-01-21 · CVE-2024-28977

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Dell Repository Manager versions 3.4.2 through 3.4.4
Description: Dell Repository Manager contains a path traversal vulnerability in its logger module. A local attacker with low privileges can exploit it to gain unauthorized read access to files stored on the server filesystem, with the privileges of the running web application. The vulnerability is caused by insufficient input validation in the logger module, which allows an attacker to access information without proper authorization.
Recommendations: For versions 3.4.2 through 3.4.4, consider disabling the logger module as a temporary workaround until a patch is available. Restrict access to sensitive files on the server filesystem to minimize the risk of exploitation.
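The description attributes the issue to missing input validation on a file path handled by the logger module. As an added illustration, not code from Dell or from this advisory, the following Python shows the containment check such a module needs: a requested log name is resolved against an assumed log directory (LOG_DIR is a placeholder) and rejected when the canonical result lies outside it.

```python
from pathlib import Path

# Directory the logger is allowed to serve files from (placeholder for this example).
LOG_DIR = Path("/var/log/drm_example")


def resolve_log_path(base_dir: Path, requested: str) -> Path:
    """Return the canonical path of `requested` inside `base_dir`.

    Raises ValueError when the path escapes the base directory. The check runs
    on the *resolved* path, so '..' segments and symlinks are collapsed before
    the comparison; a plain string check for '..' would miss symlink escapes.
    The input must already be URL-decoded; encoded sequences such as '..%2f'
    are treated here as a literal file name, not as traversal.
    """
    base = base_dir.resolve()
    # A user-supplied absolute path must never be joined into the log directory.
    if Path(requested).is_absolute():
        raise ValueError(f"absolute path not allowed: {requested!r}")
    candidate = (base / requested).resolve()
    # relative_to() raises ValueError when candidate is not under base.
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"path escapes log directory: {requested!r}") from None
    return candidate


def is_safe_log_path(base_dir: Path, requested: str) -> bool:
    """Boolean form of the check, convenient for request filtering and tests."""
    try:
        resolve_log_path(base_dir, requested)
        return True
    except ValueError:
        return False
```

Reading a file only after resolve_log_path() returns limits what the logger can expose to the log directory itself, which is the mitigation the recommendation above ("restrict access to sensitive files") aims at.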

Fix · Path traversal · RCE
Weakness Enumeration

Related Identifiers
BDU:2024-05721
CVE-2024-28977

Affected Products
Dell Repository Manager