Lucene search

DellCVE-2023-28069

HistoryApr 05, 2023 - 8:15 a.m.

CVE-2023-28069

2023-04-0508:15:07

CWE-601

dell

web.nvd.nist.gov

dell

streaming data platform

cve-2023-28069

open redirect

vulnerability

information disclosure

phishing

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

29.5%

JSON

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

Affected configurations

Nvd

Vulners

Node

dellstreaming_data_platformRange<1.4

VendorProductVersionCPE
dellstreaming_data_platform*cpe:2.3:a:dell:streaming_data_platform:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	streaming_data_platform	*	cpe:2.3:a:dell:streaming_data_platform::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Streaming Data Platform",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "1.1.x, 1.2.x, 1.3.x"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000204266/dsa-2022-258-dell-streaming-data-platform-security-update-for-multiple-third-party-component-vulnerabilities

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

29.5%

JSON

Related for CVE-2023-28069