CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34396
https://notcve.org/view.php?id=CVE-2022-34396
Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise. • https://www.dell.com/support/kbdoc/en-us/000206609/dsa-2022-321-dell-openmanage-server-administrator-omsa-security-update-for-dll-injection-vulnerability • CWE-427: Uncontrolled Search Path Element •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21514
https://notcve.org/view.php?id=CVE-2021-21514
Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. Dell EMC OpenManage Server Administrator (OMSA) versiones 9.5 y anteriores, contienen una vulnerabilidad de salto de ruta. Un usuario remoto con privilegios de administrador podría explotar esta vulnerabilidad para visualizar archivos arbitrarios en el sistema de destino por medio del envío de una petición de URL especialmente diseñada • https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21513
https://notcve.org/view.php?id=CVE-2021-21513
Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system. Las instalaciones de Microsoft Windows de Dell EMC OpenManage Server Administrator (OMSA) versión 9.5, con configuración habilitada de Distributed Web Server (DWS) contienen una vulnerabilidad de omisión de autenticación. Un atacante remoto no autenticado podría potencialmente explotar esta vulnerabilidad para conseguir acceso de administrador en el sistema afectado • https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities https://www.tenable.com/security/research/tra-2021-07 • CWE-287: Improper Authentication •
CVSS: 4.9EPSS: 1%CPEs: 1EXPL: 1CVE-2016-4004 – Dell OpenManage Server Administrator 8.2 - (Authenticated) Directory Traversal
https://notcve.org/view.php?id=CVE-2016-4004
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile. Vulnerabilidad de salto de directorio en Dell OpenManage Server Administrator (OMSA) 8.2 permite a administradores remotos autenticados leer archivos arbitrarios a través de un ..\ (punto punto barra invertida) en el parámetro file en ViewFile. OpenManage Server Administrator version 8.4 suffers from a directory traversal vulnerability. • https://www.exploit-db.com/exploits/39486 http://www.securitytracker.com/id/1035564 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-0740
https://notcve.org/view.php?id=CVE-2013-0740
Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer. Vulnerabilidad de redirección abierta en Dell OpenManage Server Administrator (OMSA) anterior a 7.3.0 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL en el parámetro file hacia HelpViewer. • http://osvdb.org/95545 http://secunia.com/advisories/52742 http://www.securityfocus.com/bid/61383 • CWE-20: Improper Input Validation •