CVSS: 9.1EPSS: 44%CPEs: 1EXPL: 3CVE-2020-5377 – Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2020-5377
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station. Dell EMC OpenManage Server Administrator (OMSA) versiones 9.4 y anteriores, contienen múltiples vulnerabilidades de salto de ruta. Un atacante remoto no autenticado podría explotar potencialmente estas vulnerabilidades mediante el envío de una petición Web API diseñada que contenga secuencias de caracteres de salto de directorio para conseguir acceso al sistema de archivos en la estación de administración comprometida • https://www.exploit-db.com/exploits/49750 https://github.com/N3rdyN3xus/CVE-2020-5377 http://packetstormsecurity.com/files/162110/Dell-OpenManage-Server-Administrator-9.4.0.0-File-Read.html https://www.dell.com/support/article/en-us/sln322304/dsa-2020-172-dell-emc-openmanage-server-administrator-omsa-path-traversal-vulnerability?lang=en • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5374
https://notcve.org/view.php?id=CVE-2020-5374
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices. Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) para SCCM y SCVMM versiones anteriores a 7.2.1, contiene una vulnerabilidad de clave embebida. Un atacante remoto no autenticado puede explotar esta vulnerabilidad para conseguir acceso a los datos del dispositivo para dispositivos administrados remotamente • https://www.dell.com/support/article/en-us/sln322169/dsa-2020-163-dell-emc-openmanage-integration-for-microsoft-system-center-multiple-vulnerabilities?lang=en • CWE-256: Plaintext Storage of a Password CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5373
https://notcve.org/view.php?id=CVE-2020-5373
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device. Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) para SCCM y SCVMM versiones anteriores a 7.2.1, contiene una vulnerabilidad de autenticación inapropiada. Un atacante remoto no autenticado puede explotar esta vulnerabilidad para recuperar los datos de inventario del sistema del dispositivo administrado • https://www.dell.com/support/article/en-us/sln322169/dsa-2020-163-dell-emc-openmanage-integration-for-microsoft-system-center-multiple-vulnerabilities?lang=en • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5366
https://notcve.org/view.php?id=CVE-2020-5366
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files. Dell EMC iDRAC9 versiones anteriores a 4.20.20.20, contienen una vulnerabilidad de Salto de Ruta. Un usuario malicioso autenticado remoto con pocos privilegios podría explotar esta vulnerabilidad al manipular los parámetros de entrada para conseguir acceso de lectura no autorizado a los archivos arbitrarios • https://www.dell.com/support/article/en-us/sln322125/dsa-2020-128-idrac-local-file-inclusion-vulnerability?lang=en • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.6EPSS: 0%CPEs: 10EXPL: 0CVE-2020-5372
https://notcve.org/view.php?id=CVE-2020-5372
Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment. Dell EMC PowerStore versiones anteriores a 1.0.1.0.5.002, contiene una vulnerabilidad que expone los puertos de interfaz de prueba hacia una red externa. Un atacante no autenticado remoto podría causar una denegación de servicio por medio de puertos de interfaz de prueba que no son utilizados durante el entorno del tiempo de ejecución • https://www.dell.com/support/security/en-us/details/544738/DSA-2020-159-Dell-EMC-PowerStore-Family-Improper-Authorization-Vulnerability • CWE-863: Incorrect Authorization CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State •