Refine your search
2 vulnerabilities found for OpenManage Server Administrator by Dell EMC
CVE-2019-3723 (GCVE-0-2019-3723)
Vulnerability from cvelistv5
Published
2019-06-06 19:14
Modified
2024-09-16 19:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Web Parameter Tampering Vulnerability
Summary
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | OpenManage Server Administrator |
Version: 9.1.0.3 < 9.1.0.3 Version: 9.3.0.4 < 9.3.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:17.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenManage Server Administrator",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "9.1.0.3",
"status": "affected",
"version": "9.1.0.3",
"versionType": "custom"
},
{
"lessThan": "9.3.0.4",
"status": "affected",
"version": "9.3.0.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Web Parameter Tampering Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-10T06:06:05.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108685"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Web Parameter Tampering Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-06-03T17:00:00.000Z",
"ID": "CVE-2019-3723",
"STATE": "PUBLIC",
"TITLE": "Web Parameter Tampering Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenManage Server Administrator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.1.0.3",
"version_value": "9.1.0.3"
},
{
"version_affected": "\u003c",
"version_name": "9.3.0.4",
"version_value": "9.3.0.4"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Web Parameter Tampering Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en",
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108685"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3723",
"datePublished": "2019-06-06T19:14:38.463Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:05:23.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3722 (GCVE-0-2019-3722)
Vulnerability from cvelistv5
Published
2019-06-06 19:13
Modified
2024-09-16 17:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- XML External Entity (XXE) Injection Vulnerability
Summary
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | OpenManage Server Administrator |
Version: 9.1.0.3 < 9.1.0.3 Version: 9.3.0.4 < 9.3.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenManage Server Administrator",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "9.1.0.3",
"status": "affected",
"version": "9.1.0.3",
"versionType": "custom"
},
{
"lessThan": "9.3.0.4",
"status": "affected",
"version": "9.3.0.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entity (XXE) Injection Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-10T06:06:05.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108685"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XML External Entity (XXE) Injection Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-06-03T17:00:00.000Z",
"ID": "CVE-2019-3722",
"STATE": "PUBLIC",
"TITLE": "XML External Entity (XXE) Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenManage Server Administrator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.1.0.3",
"version_value": "9.1.0.3"
},
{
"version_affected": "\u003c",
"version_name": "9.3.0.4",
"version_value": "9.3.0.4"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity (XXE) Injection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en",
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108685"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3722",
"datePublished": "2019-06-06T19:13:51.076Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:22:35.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}