We use cookies to improve your experience on our site.
AVID-2026-R1545
Description
Vulnerability CVE-2024-47481
Details
Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service.
Reason for inclusion in AVID: CVE-2024-47481 describes an Improper Access Control vulnerability in Dell Data Lakehouse (software used to store/handle data for ML/AI pipelines). This affects a software component commonly used in AI data pipelines, with potential DoS impact. Therefore it is a software supply-chain-relevant vulnerability impacting AI systems, and there is sufficient evidence in the CVE entry to classify it as a security vulnerability.
References
- NVD entry
- https://www.dell.com/support/kbdoc/en-us/000240535/dsa-2024-419-security-update-for-dell-data-lakehouse-system-software-for-multiple-third-party-component-vulnerabilities
Affected or Relevant Artifacts
- Developer: Dell
- Deployer: Dell
- Artifact Details:
| Type | Name |
|---|---|
| System | Dell Data Lakehouse |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Base Score | 6.5 |
| Base Severity | 🟠 Medium |
| Attack Vector | ADJACENT_NETWORK |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-284 | CWE-284: Improper Access Control |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-10-25
- Version: 0.3.3
- AVID Entry