Vulnerabilities > CVE-2023-39250 - Information Exposure Through Source Code vulnerability in Dell products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

dell

CWE-540

NVD

Published: 2023-08-16

Updated: 2023-11-03

Summary

Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Replay Manager FOR Vmware - Dell Storage Vsphere Client Plugin - Dell Storage Integration Tools FOR Vmware - Dell Storage Integration Tools FOR Vmware 06.01.00.016	4

Common Weakness Enumeration (CWE)

CWE-540 - Information Exposure Through Source Code

References

https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities