CVE-2023-39245

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:enterprise_storage_integrator_for_sap_landscape_management:*:*:*:*:*:*:*:*

History

23 Jan 2025, 16:57

Type	Values Removed	Values Added
First Time		Dell enterprise Storage Integrator For Sap Landscape Management Dell
CPE		cpe:2.3:a:dell:enterprise_storage_integrator_for_sap_landscape_management::::::::
References	~~() https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities - Vendor Advisory
CWE		NVD-CWE-noinfo

21 Nov 2024, 08:14

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities -

Information

Published : 2024-02-15 13:15

Updated : 2025-01-23 16:57

NVD link : CVE-2023-39245

Mitre link : CVE-2023-39245

CVE.ORG link : CVE-2023-39245

JSON object : View

Products Affected

dell

enterprise_storage_integrator_for_sap_landscape_management

CWE

CWE-319

Cleartext Transmission of Sensitive Information

NVD-CWE-noinfo

9.8 /10