Search
Find a vulnerability
Search criteria
4 vulnerabilities found for Open Manage System Administrator by Dell EMC
CVE-2019-3721 (GCVE-0-2019-3721)
Vulnerability from nvd – Published: 2019-04-25 20:17 – Updated: 2024-09-16 19:20
VLAI
Title
Improper Range Header Processing Vulnerability
Summary
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive memory consumption and preventing users from accessing the system.
Severity
4.3 (Medium)
CWE
- Improper Range Header Vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dell.com/support/article/us/en/04/sln… | x_refsource_MISC |
| http://www.securityfocus.com/bid/108092 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | Open Manage System Administrator |
Affected:
9.3 , < 9.3
(custom)
|
Date Public
2019-04-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Open Manage System Administrator",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "9.3",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dell EMC would like to thank Murat Aydemir of Biznet Billisim A.S. for reporting this issue."
}
],
"datePublic": "2019-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive memory consumption and preventing users from accessing the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Range Header Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T18:06:09.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108092"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Range Header Processing Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-24T05:00:00.000Z",
"ID": "CVE-2019-3721",
"STATE": "PUBLIC",
"TITLE": "Improper Range Header Processing Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Manage System Administrator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.3",
"version_value": "9.3"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dell EMC would like to thank Murat Aydemir of Biznet Billisim A.S. for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive memory consumption and preventing users from accessing the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Range Header Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108092"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3721",
"datePublished": "2019-04-25T20:17:37.195Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:20:31.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3720 (GCVE-0-2019-3720)
Vulnerability from nvd – Published: 2019-04-25 20:17 – Updated: 2024-09-16 16:32
VLAI
Title
Directory Traversal Vulnerability
Summary
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters.
Severity
4.9 (Medium)
CWE
- Directory Traversal Vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dell.com/support/article/us/en/04/sln… | x_refsource_MISC |
| http://www.securityfocus.com/bid/108092 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | Open Manage System Administrator |
Affected:
9.3 , < 9.3
(custom)
|
Date Public
2019-04-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:17.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Open Manage System Administrator",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "9.3",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dell EMC would like to thank Harrison Neal for reporting this issue."
}
],
"datePublic": "2019-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T18:06:09.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108092"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Directory Traversal Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-24T05:00:00.000Z",
"ID": "CVE-2019-3720",
"STATE": "PUBLIC",
"TITLE": "Directory Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Manage System Administrator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.3",
"version_value": "9.3"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dell EMC would like to thank Harrison Neal for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108092"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3720",
"datePublished": "2019-04-25T20:17:37.154Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:32:39.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3721 (GCVE-0-2019-3721)
Vulnerability from cvelistv5 – Published: 2019-04-25 20:17 – Updated: 2024-09-16 19:20
VLAI
Title
Improper Range Header Processing Vulnerability
Summary
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive memory consumption and preventing users from accessing the system.
Severity
4.3 (Medium)
CWE
- Improper Range Header Vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dell.com/support/article/us/en/04/sln… | x_refsource_MISC |
| http://www.securityfocus.com/bid/108092 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | Open Manage System Administrator |
Affected:
9.3 , < 9.3
(custom)
|
Date Public
2019-04-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Open Manage System Administrator",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "9.3",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dell EMC would like to thank Murat Aydemir of Biznet Billisim A.S. for reporting this issue."
}
],
"datePublic": "2019-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive memory consumption and preventing users from accessing the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Range Header Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T18:06:09.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108092"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Range Header Processing Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-24T05:00:00.000Z",
"ID": "CVE-2019-3721",
"STATE": "PUBLIC",
"TITLE": "Improper Range Header Processing Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Manage System Administrator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.3",
"version_value": "9.3"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dell EMC would like to thank Murat Aydemir of Biznet Billisim A.S. for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive memory consumption and preventing users from accessing the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Range Header Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108092"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3721",
"datePublished": "2019-04-25T20:17:37.195Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:20:31.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3720 (GCVE-0-2019-3720)
Vulnerability from cvelistv5 – Published: 2019-04-25 20:17 – Updated: 2024-09-16 16:32
VLAI
Title
Directory Traversal Vulnerability
Summary
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters.
Severity
4.9 (Medium)
CWE
- Directory Traversal Vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dell.com/support/article/us/en/04/sln… | x_refsource_MISC |
| http://www.securityfocus.com/bid/108092 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | Open Manage System Administrator |
Affected:
9.3 , < 9.3
(custom)
|
Date Public
2019-04-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:17.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Open Manage System Administrator",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "9.3",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dell EMC would like to thank Harrison Neal for reporting this issue."
}
],
"datePublic": "2019-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T18:06:09.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108092"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Directory Traversal Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-24T05:00:00.000Z",
"ID": "CVE-2019-3720",
"STATE": "PUBLIC",
"TITLE": "Directory Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Manage System Administrator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.3",
"version_value": "9.3"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dell EMC would like to thank Harrison Neal for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108092"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3720",
"datePublished": "2019-04-25T20:17:37.154Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:32:39.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}