5 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise. • https://www.dell.com/support/kbdoc/en-us/000206609/dsa-2022-321-dell-openmanage-server-administrator-omsa-security-update-for-dll-injection-vulnerability • CWE-427: Uncontrolled Search Path Element •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. Dell EMC OpenManage Server Administrator (OMSA) versiones 9.5 y anteriores, contienen una vulnerabilidad de salto de ruta. Un usuario remoto con privilegios de administrador podría explotar esta vulnerabilidad para visualizar archivos arbitrarios en el sistema de destino por medio del envío de una petición de URL especialmente diseñada • https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system. Las instalaciones de Microsoft Windows de Dell EMC OpenManage Server Administrator (OMSA) versión 9.5, con configuración habilitada de Distributed Web Server (DWS) contienen una vulnerabilidad de omisión de autenticación. Un atacante remoto no autenticado podría potencialmente explotar esta vulnerabilidad para conseguir acceso de administrador en el sistema afectado • https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities https://www.tenable.com/security/research/tra-2021-07 • CWE-287: Improper Authentication •

CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0

Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer. Vulnerabilidad de redirección abierta en Dell OpenManage Server Administrator (OMSA) anterior a 7.3.0 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL en el parámetro file hacia HelpViewer. • http://osvdb.org/95545 http://secunia.com/advisories/52742 http://www.securityfocus.com/bid/61383 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Dell OpenManage Server Administrator (OMSA) antes de v6.5.0.1, v7.0 antes de v7.0.0.1 y v7.1 antes de v7.1.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://osvdb.org/87405 http://secunia.com/advisories/51297 http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=5JDN0&osCode=WNET&fileId=3082293694 http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=JJMWP&osCode=WNET&fileId=3082295338 http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=PCXMR&osCode=WNET&fileId=3082295344 http://www.kb.cert.org/vuls/id/558132 http://www.securit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •