Summary
| Detail | |||
|---|---|---|---|
| Vendor | Dell | First view | 2012-11-15 |
| Product | Openmanage Server Administrator | Last view | 2023-02-01 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2023-02-01 | CVE-2022-34396 | Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise. |
| 4.9 | 2021-03-02 | CVE-2021-21514 | Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. |
| 9.8 | 2021-03-02 | CVE-2021-21513 | Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system. |
| 4.9 | 2016-04-12 | CVE-2016-4004 | Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile. |
| 5.8 | 2014-04-10 | CVE-2013-0740 | Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer. |
| 4.3 | 2013-01-25 | CVE-2012-6272 | Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm in (1) help/sm/en/Output/wwhelp/wwhimpl/js/, (2) help/sm/es/Output/wwhelp/wwhimpl/js/, (3) help/sm/ja/Output/wwhelp/wwhimpl/js/, (4) help/sm/de/Output/wwhelp/wwhimpl/js/, (5) help/sm/fr/Output/wwhelp/wwhimpl/js/, (6) help/sm/zh/Output/wwhelp/wwhimpl/js/, (7) help/hip/en/msgguide/wwhelp/wwhimpl/js/, or (8) help/hip/en/msgguide/wwhelp/wwhimpl/common/. |
| 4.3 | 2012-11-15 | CVE-2012-4955 | Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 28% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 28% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 14% (1) | CWE-427 | Uncontrolled Search Path Element |
| 14% (1) | CWE-287 | Improper Authentication |
| 14% (1) | CWE-20 | Improper Input Validation |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-07-29 | Name: A web application hosted on the remote web server is affected by a directory ... File: dell_openmanage_CVE-2016-4004.nasl - Type: ACT_GATHER_INFO |
| 2013-01-11 | Name: A web application hosted on the remote web server has a cross-site scripting ... File: dell_openmanage_dom_xss2.nasl - Type: ACT_ATTACK |
| 2012-11-20 | Name: A web application hosted on the remote web server has a cross-site scripting ... File: dell_openmanage_dom_xss.nasl - Type: ACT_ATTACK |
