CVE-2024-38485
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Dec 9, 2024
CWE ID 601
Summary
CVE-2024-38485 is a newly disclosed vulnerability affecting Dell ECS versions prior to 3.8.0. The issue is a Host header injection vulnerability that allows a remote, low-privileged attacker to trigger redirections. By manipulating the Host header, an attacker could potentially gain unauthorized access to sensitive information. The vulnerability poses a significant risk, as it can be exploited without requiring extensive privileges. Dell urges users to upgrade to the latest version of the software to mitigate this threat.
Affected Products
- Amazon Elastic Container Service
Affected Vendors
- Amazon Web Services