CVE-2019-3720 - OpenCVE

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Emc Openmanage Server Administrator

Configuration 1 [-]

cpe:2.3:a:dell:emc_openmanage_server_administrator:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/108092
https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2019-04-25T20:17:37.154067Z

Updated: 2024-09-16T16:32:39.543Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3720

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-04-25T21:29:00.637

Modified: 2023-02-10T02:23:30.887

Link: CVE-2019-3720

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Open Manage System Administrator", "vendor": "Dell EMC", "versions": [{"lessThan": "9.3", "status": "affected", "version": "9.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Dell EMC would like to thank Harrison Neal for reporting this issue."}], "datePublic": "2019-04-24T00:00:00", "descriptions": [{"lang": "en", "value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Directory Traversal Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-29T18:06:09", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"}, {"name": "108092", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108092"}], "source": {"discovery": "UNKNOWN"}, "title": "Directory Traversal Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.6"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2019-04-24T05:00:00.000Z", "ID": "CVE-2019-3720", "STATE": "PUBLIC", "TITLE": "Directory Traversal Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Open Manage System Administrator", "version": {"version_data": [{"version_affected": "<", "version_name": "9.3", "version_value": "9.3"}]}}]}, "vendor_name": "Dell EMC"}]}}, "credit": [{"lang": "eng", "value": "Dell EMC would like to thank Harrison Neal for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters."}]}, "generator": {"engine": "Vulnogram 0.0.6"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Directory Traversal Vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en", "refsource": "MISC", "url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"}, {"name": "108092", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108092"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:19:17.870Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"}, {"name": "108092", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108092"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2019-3720", "datePublished": "2019-04-25T20:17:37.154067Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T16:32:39.543Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0769F9F-82CC-460C-A7F1-AB91FB9F514F", "versionEndExcluding": "9.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters."}, {"lang": "es", "value": "Las versiones de Dell EMC Open Manage System Administrator (OMSA) anteriores a la 9.3.0 contienen una vulnerabilidad de salto de directorio. Un usuario remoto malicioso autenticado con privilegios de administrador podr\u00eda potencialmente explotar esta vulnerabilidad para obtener acceso no autorizado al sistema de archivos, explotando un saneamiento insuficiente de los par\u00e1metros de entrada."}], "id": "CVE-2019-3720", "lastModified": "2023-02-10T02:23:30.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-25T21:29:00.637", "references": [{"source": "security_alert@emc.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108092"}, {"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}