CVE-2024-22432

N/A

Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

明文存储口令

Dell NetWorker 安全漏洞

Dell NetWorker是美国戴尔（Dell）公司的一个应用程序。提供戴尔公司的论坛讨论功能。 Dell NetWorker 19.9 版本、NMDA MySQL Database 19.9 到 19.9.0.3 、19.9 到 19.9.0.3、19.7 之前版本存在安全漏洞，该漏洞源于数据库在备份期间在临时配置文件中存储纯文本密码，攻击者利用该漏洞能够使用暴露的凭据以受感染帐户的权限访问易受攻击的应用程序数据库。

N/A

N/A