Cyber Resilience

CVE-2024-22433

High

Published: 06 February 2024

Published
06 February 2024
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
EPSS Score 0.0022 45.2th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-22433 is a high-severity Insertion of Sensitive Information into Externally-Accessible File or Directory (CWE-538) vulnerability in Dell Data Protection Search. Its CVSS base score is 8.8 (High).

Operationally, ranked at the 45.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and…

more

remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dell
data protection search
19.2.0 — 19.6.4

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-538

Pre- and post-publication reviews prevent insertion of sensitive information into externally-accessible public locations.

addresses: CWE-538

Monitors for sensitive information placed in externally accessible files or directories.

addresses: CWE-538

The map shows if data actions result in sensitive information being placed in externally accessible locations.

addresses: CWE-538

Isolation and eradication reduce the ability to exploit sensitive information inserted into externally-accessible files or directories.

addresses: CWE-538

Approved categorization forces identification of externally accessible files that contain sensitive content so they receive proper protection.

addresses: CWE-538

The pre-implementation review identifies externally accessible files or directories containing PII and drives access restrictions or removal.

addresses: CWE-538

Tainting makes it possible to determine when sensitive data has been removed from externally accessible files or directories.

addresses: CWE-538

OPSEC practices stop placement of supply-chain information into locations accessible to external parties.

References