4 results (0.010 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise. • https://www.dell.com/support/kbdoc/en-us/000206609/dsa-2022-321-dell-openmanage-server-administrator-omsa-security-update-for-dll-injection-vulnerability • CWE-427: Uncontrolled Search Path Element •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. Dell EMC OpenManage Server Administrator (OMSA) versiones 9.5 y anteriores, contienen una vulnerabilidad de salto de ruta. Un usuario remoto con privilegios de administrador podría explotar esta vulnerabilidad para visualizar archivos arbitrarios en el sistema de destino por medio del envío de una petición de URL especialmente diseñada • https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system. Las instalaciones de Microsoft Windows de Dell EMC OpenManage Server Administrator (OMSA) versión 9.5, con configuración habilitada de Distributed Web Server (DWS) contienen una vulnerabilidad de omisión de autenticación. Un atacante remoto no autenticado podría potencialmente explotar esta vulnerabilidad para conseguir acceso de administrador en el sistema afectado • https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities https://www.tenable.com/security/research/tra-2021-07 • CWE-287: Improper Authentication •

CVSS: 4.9EPSS: 1%CPEs: 1EXPL: 1

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile. Vulnerabilidad de salto de directorio en Dell OpenManage Server Administrator (OMSA) 8.2 permite a administradores remotos autenticados leer archivos arbitrarios a través de un ..\ (punto punto barra invertida) en el parámetro file en ViewFile. OpenManage Server Administrator version 8.4 suffers from a directory traversal vulnerability. • https://www.exploit-db.com/exploits/39486 http://www.securitytracker.com/id/1035564 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •