AVID-2026-R1546

Description

Vulnerability CVE-2024-47483

Details

Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Reason for inclusion in AVID: CVE-2024-47483 describes a SQL injection vulnerability in Dell Data Lakehouse (versions 1.0.0.0 and 1.1.0.0) that could lead to information disclosure. Dell Data Lakehouse is a software component often used in AI data pipelines for storage and processing of training and feature data. As such, this vulnerability affects a software component that can be part of the general-purpose AI stack (data ingestion/storage) and poses a security risk to AI data availability and confidentiality. It therefore fits the criteria for an AI-related vulnerability in the AI supply chain, with clear vulnerability behavior and evidence.

References

Affected or Relevant Artifacts

  • Developer: Dell
  • Deployer: Dell
  • Artifact Details:
    Type | Name
    System | Data Lakehouse

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

  • Version: 3.1
  • Vector String: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Base Score: 2.9
  • Base Severity: 🟢 Low
  • Attack Vector: LOCAL
  • Attack Complexity: 🔴 High
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: 🟢 Low
  • Integrity Impact: NONE
  • Availability Impact: NONE

CWE

ID | Description
CWE-89 | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-10-25
  • Version: 0.3.3
  • AVID Entry