CVE-2023-39245 - Vulnerability Details - OpenCVE

DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Enterprise Storage Integrator For Sap Landscape Management

Configuration 1 [-]

cpe:2.3:a:dell:enterprise_storage_integrator_for_sap_landscape_management:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities

History

Thu, 23 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell enterprise Storage Integrator For Sap Landscape Management
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:dell:enterprise_storage_integrator_for_sap_landscape_management::::::::
Vendors & Products		Dell Dell enterprise Storage Integrator For Sap Landscape Management

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-02-15T13:03:27.157Z

Updated: 2024-08-16T18:03:17.756Z

Reserved: 2023-07-26T08:13:50.420Z

Link: CVE-2023-39245

Vulnrichment

Updated: 2024-08-02T18:02:06.679Z

NVD

Status : Analyzed

Published: 2024-02-15T13:15:46.000

Modified: 2025-01-23T16:57:31.067

Link: CVE-2023-39245

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39245", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-07-26T08:13:50.420Z", "datePublished": "2024-02-15T13:03:27.157Z", "dateUpdated": "2024-08-16T18:03:17.756Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ESI (Enterprise Storage Integrator) for SAP LAMA", "vendor": "Dell", "versions": [{"lessThan": "V10.0.0.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2023-07-27T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.</span>\n\n"}], "value": "\nDELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-02-15T13:03:27.157Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:02:06.679Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities"}]}, {"affected": [{"vendor": "dell", "product": "enterprise_storage_integrator_for_sap_lama", "cpes": ["cpe:2.3:a:dell:enterprise_storage_integrator_for_sap_lama:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "10.0.0.0", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-16T18:00:24.768384Z", "id": "CVE-2023-39245", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T18:03:17.756Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:02:06.679Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39245", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-16T18:00:24.768384Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dell:enterprise_storage_integrator_for_sap_lama:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "enterprise_storage_integrator_for_sap_lama", "versions": [{"status": "affected", "version": "0", "lessThan": "10.0.0.0", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T18:03:03.684Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "ESI (Enterprise Storage Integrator) for SAP LAMA", "versions": [{"status": "affected", "version": "0", "lessThan": "V10.0.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2023-07-27T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nDELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-02-15T13:03:27.157Z"}}}, "cveMetadata": {"cveId": "CVE-2023-39245", "state": "PUBLISHED", "dateUpdated": "2024-08-16T18:03:17.756Z", "dateReserved": "2023-07-26T08:13:50.420Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2024-02-15T13:03:27.157Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:enterprise_storage_integrator_for_sap_landscape_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BF50F45-2A95-4BE7-8F7D-150893330F90", "versionEndExcluding": "10.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nDELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.\n\n"}, {"lang": "es", "value": "DELL ESI (Enterprise Storage Integrator) para SAP LAMA, versi\u00f3n 10.0, contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el componente EHAC. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad escuchando a escondidas el tr\u00e1fico de la red para obtener credenciales de nivel de administrador."}], "id": "CVE-2023-39245", "lastModified": "2025-01-23T16:57:31.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-15T13:15:46.000", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000216654/dsa-2023-299-security-update-for-dell-esi-enterprise-storage-integrator-for-sap-lama-multiple-security-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}