Article Number: 000224642
DSA-2024-202: Security Update for Dell OpenManage Enterprise Vulnerability
Summary: Dell OpenManage Enterprise remediation is available for XSS injection vulnerability that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-28979 | Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in UI. A high privileged local attacker could potentially exploit this vulnerability, leading to JavaScript injection. | 5.1 | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-28979 | Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in UI. A high privileged local attacker could potentially exploit this vulnerability, leading to JavaScript injection. | 5.1 | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L |
Affected Products and Remediation
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell OpenManage Enterprise | Versions prior to 4.1.0 | 4.1.0 | Support for Dell OpenManage Enterprise | Dell US |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell OpenManage Enterprise | Versions prior to 4.1.0 | 4.1.0 | Support for Dell OpenManage Enterprise | Dell US |
Acknowledgements
Dell would like to thank Stanislav Kravchenko for reporting this issue.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-04-30 | Initial release |
Related Information
Legal Information
Article Properties
Affected Product
Dell OpenManage Enterprise
Last Published Date
30 Apr 2024
Article Type
Dell Security Advisory