CVE-2023-28045

MEDIUM

Dell Cloudiq Collector < 1.10.17 - Missing Encryption

Title source: rule

Description

Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data.

References (1)

[Patch, Vendor Advisory] https://www.dell.com/support/kbdoc/en-us/000213696/dsa-2023-165-dell-cloudiq-collector-security-update-for-missing-encryption-of-sensitive-data-vulnerability

Scores

CVSS v3 6.3

EPSS 0.0012

EPSS Percentile 30.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-311

Status published

Products (1)

dell/cloudiq_collector 1.10.2 - 1.10.17

Published May 19, 2023

Tracked Since Feb 18, 2026