CVE-2023-39250

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-39250
Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:replay_manager_for_vmware:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:storage_vsphere_client_plugin:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:storage_integration_tools_for_vmware:*:*:*:*:*:*:*:*
History

03 Nov 2023, 19:00

Type Values Removed Values Added
First Time Dell storage Vsphere Client Plugin
Dell replay Manager For Vmware
CPE cpe:2.3:a:dell:storage_integration_tools_for_vmware:06.01.00.016:*:*:*:*:*:*:* cpe:2.3:a:dell:storage_integration_tools_for_vmware:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:storage_vsphere_client_plugin:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:replay_manager_for_vmware:*:*:*:*:*:*:*:*

11 Oct 2023, 06:15

Type Values Removed Values Added
Summary Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.
CWE CWE-668 CWE-540

24 Aug 2023, 16:17

Type Values Removed Values Added
References (MISC) https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities - (MISC) https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-540 CWE-668
First Time Dell
Dell storage Integration Tools For Vmware
CPE cpe:2.3:a:dell:storage_integration_tools_for_vmware:06.01.00.016:*:*:*:*:*:*:*

16 Aug 2023, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-16 16:15

Updated : 2023-11-03 19:00

NVD link : CVE-2023-39250

Mitre link : CVE-2023-39250

JSON object : View

Products Affected

dell

  • storage_vsphere_client_plugin
  • replay_manager_for_vmware
  • storage_integration_tools_for_vmware
CWE
CWE-540

Inclusion of Sensitive Information in Source Code