Main Vulnerability Database Vulnerabilities #VU100042

#VU100042 Insufficient Session Expiration in Storage Resource Manager - CVE-2024-47242

Published: November 7, 2024

Vulnerability identifier: #VU100042

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-47242

CWE-ID: CWE-613

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Storage Resource Manager

Software vendor:
Dell

Description

The vulnerability allows an adjacent user to gain access to sensitive information.

The vulnerability exists due to insufficient session expiration issue. An adjacent user can obtain or guess session token and gain unauthorized access to session that belongs to another user.

Remediation

Install updates from vendor's website.

External links

https://www.dell.com/support/kbdoc/nl-nl/000235152/dsa-2024-421-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities