CVE-2024-38485

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 9, 2024
CWE ID 601

Summary

CVE-2024-38485 is a newly disclosed vulnerability affecting Dell ECS versions prior to 3.8.0. This issue involves a Host Header Injection vulnerability, which allows a remote, low-privileged attacker to trigger redirections. By manipulating the Host Header, an attacker could potentially gain unauthorized access to sensitive information. The vulnerability poses a significant risk, as it can be exploited without requiring extensive privileges. Dell urges users to upgrade to the latest version of the software to mitigate this threat.

Affected Products

  • Amazon Elastic Container Service

Affected Vendors

  • Amazon Web Services