CVE-2024-38487 | api-gateway container running with root privilege would allo… | CVSS 7.0 HIGH

Description

api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions.

Metadata

CVE ID: CVE-2024-38487
State: PUBLISHED
Assigner: dell
Reserved: 2024-06-18 01:53 UTC
Published: 2026-06-16 16:29 UTC
Last updated: 2026-06-16 17:38 UTC
Primary CWE: CWE-269
CWE-269: Improper Privilege Management
Vendor / Product: Dell / EMC VxRail Appliance
Sources: cve.org · NVD

Severity & Metrics

7.0 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Dell	EMC VxRail Appliance	—	0 < 7.0.520

Weakness (CWE)

CWE	Source	Description
CWE-269	cna	CWE-269: Improper Privilege Management

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.0	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

References (1)

https://www.dell.com/support/kbdoc/en-us/000226270/dsa-2024-247-security-update-for-dell-vxrail-7-0-520-multiple-third-party-component-vulnerabilities