Missing Encryption of Sensitive Data

CVE-2023-28045

Medium

6.3/10

Summary

Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-311 - Missing Encryption of Sensitive Data

The software does not encrypt sensitive or critical information before storage or transmission.

References

Advisory Timeline

Published May 19, 2023

Missing Encryption of Sensitive Data

CVE-2023-28045

Summary

CWE-311 - Missing Encryption of Sensitive Data

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS