Insufficient Session Expiration in Storage Resource Manager - CVE-2024-47242

 

Insufficient Session Expiration in Storage Resource Manager - CVE-2024-47242

Published: November 7, 2024


Vulnerability identifier: #VU100042
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-47242
CWE-ID: CWE-613
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Dell
Affected software:
Storage Resource Manager

Detailed vulnerability description

The vulnerability allows an adjacent user to gain access to sensitive information.

The vulnerability exists due to insufficient session expiration issue. An adjacent user can obtain or guess session token and gain unauthorized access to session that belongs to another user.


How to mitigate CVE-2024-47242

Install updates from vendor's website.

Sources