OpenCVE

Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Emc Openmanage Enterprise Emc Openmanage Enterprise-modular

Configuration 1 [-]

OR	cpe:2.3:a:dell:emc_openmanage_enterprise::::::::
	cpe:2.3:a:dell:emc_openmanage_enterprise-modular::::::::

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000176929/dsa-2020-023-dell-emc-openmanage-enterprise-enterprise-modular-multiple-vulnerabilities

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2021-07-19T21:30:32.974439Z

Updated: 2024-09-16T16:38:34.267Z

Reserved: 2020-01-03T00:00:00

Link: CVE-2020-5320

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-07-19T22:15:09.197

Modified: 2024-11-21T05:33:54.327

Link: CVE-2020-5320

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Dell OpenManage Enterprise", "vendor": "Dell", "versions": [{"lessThan": "3.20", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-19T21:30:32", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dell.com/support/kbdoc/en-us/000176929/dsa-2020-023-dell-emc-openmanage-enterprise-enterprise-modular-multiple-vulnerabilities"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2020-01-22", "ID": "CVE-2020-5320", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Dell OpenManage Enterprise", "version": {"version_data": [{"version_affected": "<", "version_value": "3.20"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions."}]}, "impact": {"cvss": {"baseScore": 9, "baseSeverity": "Critical", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}]}, "references": {"reference_data": [{"name": "https://www.dell.com/support/kbdoc/en-us/000176929/dsa-2020-023-dell-emc-openmanage-enterprise-enterprise-modular-multiple-vulnerabilities", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/en-us/000176929/dsa-2020-023-dell-emc-openmanage-enterprise-enterprise-modular-multiple-vulnerabilities"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:22:09.223Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000176929/dsa-2020-023-dell-emc-openmanage-enterprise-enterprise-modular-multiple-vulnerabilities"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2020-5320", "datePublished": "2021-07-19T21:30:32.974439Z", "dateReserved": "2020-01-03T00:00:00", "dateUpdated": "2024-09-16T16:38:34.267Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_openmanage_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E3FC33C-CA85-4F38-914D-331FCAAA478C", "versionEndExcluding": "3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_openmanage_enterprise-modular:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A4BF1BE-2ED0-4388-9B71-D2D4EEB28149", "versionEndExcluding": "1.10.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions."}, {"lang": "es", "value": "Dell EMC OpenManage Enterprise (OME) versiones anteriores a 3.2 y las versiones de OpenManage Enterprise-Modular (OME-M) versiones anteriores a 1.10.00, contiene una vulnerabilidad de inyecci\u00f3n SQL. Un usuario malicioso autenticado remoto y con privilegios elevados podr\u00eda potencialmente explotar esta vulnerabilidad para ejecutar comandos SQL y llevar a cabo acciones no autorizadas"}], "id": "CVE-2020-5320", "lastModified": "2024-11-21T05:33:54.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-19T22:15:09.197", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000176929/dsa-2020-023-dell-emc-openmanage-enterprise-enterprise-modular-multiple-vulnerabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000176929/dsa-2020-023-dell-emc-openmanage-enterprise-enterprise-modular-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}