// For flags

CVE-2019-3722

XML External Entity (XXE) Injection Vulnerability

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.

Las versiones de Dell EMC OpenManage Server Administrator (OMSA) anteriores a 9.1.0.3 y anteriores a 9.2.0.4 contienen una vulnerabilidad de inyección de entidad externa XML (XXE). Un atacante remoto no identificado podría potencialmente aprovechar esta vulnerabilidad para leer archivos arbitrarios del sistema del servidor al proporcionar definiciones de tipo de documento especialmente diseñadas (DTD) en una solicitud XML.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-03 CVE Reserved
  • 2019-06-06 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dell
Search vendor "Dell"
 Emc Openmanage Server Administrator
Search vendor "Dell" for product "Emc Openmanage Server Administrator"
 9.1
Search vendor "Dell" for product "Emc Openmanage Server Administrator" and version "9.1"
-
Affected
Dell
Search vendor "Dell"
 Emc Openmanage Server Administrator
Search vendor "Dell" for product "Emc Openmanage Server Administrator"
 9.1.0.1
Search vendor "Dell" for product "Emc Openmanage Server Administrator" and version "9.1.0.1"
-
Affected
Dell
Search vendor "Dell"
 Emc Openmanage Server Administrator
Search vendor "Dell" for product "Emc Openmanage Server Administrator"
 9.1.0.2
Search vendor "Dell" for product "Emc Openmanage Server Administrator" and version "9.1.0.2"
-
Affected
Dell
Search vendor "Dell"
 Emc Openmanage Server Administrator
Search vendor "Dell" for product "Emc Openmanage Server Administrator"
 9.2
Search vendor "Dell" for product "Emc Openmanage Server Administrator" and version "9.2"
-
Affected
Dell
Search vendor "Dell"
 Emc Openmanage Server Administrator
Search vendor "Dell" for product "Emc Openmanage Server Administrator"
 9.2.0.1
Search vendor "Dell" for product "Emc Openmanage Server Administrator" and version "9.2.0.1"
-
Affected
Dell
Search vendor "Dell"
 Emc Openmanage Server Administrator
Search vendor "Dell" for product "Emc Openmanage Server Administrator"
 9.2.0.2
Search vendor "Dell" for product "Emc Openmanage Server Administrator" and version "9.2.0.2"
-
Affected