Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-5377 | 1 Dell | 1 Emc Openmanage Server Administrator | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station. | |||||
CVE-2019-3721 | 1 Dell | 1 Emc Openmanage Server Administrator | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive memory consumption and preventing users from accessing the system. | |||||
CVE-2019-3723 | 1 Dell | 1 Emc Openmanage Server Administrator | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation | |||||
CVE-2019-3720 | 1 Dell | 1 Emc Openmanage Server Administrator | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters. | |||||
CVE-2019-3722 | 1 Dell | 1 Emc Openmanage Server Administrator | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request. |