CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34396
https://notcve.org/view.php?id=CVE-2022-34396
Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise. • https://www.dell.com/support/kbdoc/en-us/000206609/dsa-2022-321-dell-openmanage-server-administrator-omsa-security-update-for-dll-injection-vulnerability • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21513
https://notcve.org/view.php?id=CVE-2021-21513
Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system. Las instalaciones de Microsoft Windows de Dell EMC OpenManage Server Administrator (OMSA) versión 9.5, con configuración habilitada de Distributed Web Server (DWS) contienen una vulnerabilidad de omisión de autenticación. Un atacante remoto no autenticado podría potencialmente explotar esta vulnerabilidad para conseguir acceso de administrador en el sistema afectado • https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities https://www.tenable.com/security/research/tra-2021-07 • CWE-287: Improper Authentication •