CVE-2023-28045

MEDIUM

Dell CloudIQ Collector 1.10.2-1.10.16 - Missing Encryption of Sensitive Data

Title source: llm

Description

Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data.

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000213696/dsa-2023-165-dell-cloudiq-collector-security-update-for-missing-encryption-of-sensitive-data-vulnerability

Scores

CVSS v3 6.3

EPSS 0.0018

EPSS Percentile 7.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-311

Status published

Products (1)

dell/cloudiq_collector 1.10.2 - 1.10.17

Published May 19, 2023

Tracked Since Feb 18, 2026