#VU94847 Missing Encryption of Sensitive Data in Data Lakehouse


Published: 2024-07-30

Vulnerability identifier: #VU94847

Vulnerability risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38302

CWE-ID: CWE-311

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Data Lakehouse
Other software / Other software solutions

Vendor: Dell

Description

The vulnerability allows an adjacent user to gain access to potentially sensitive information.

The vulnerability exists due to missing encryption of sensitive data in the DDAE (Starburst). A low-privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Data Lakehouse: 1.0.0.0


External links
http://www.dell.com/support/kbdoc/en-us/000227053/dsa-2024-303-security-update-for-dell-data-lakehouse-system-software-for-multiple-security-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

