cvelistv5 - cve-2019-3722

CVE-2019-3722 (GCVE-0-2019-3722)

Vulnerability from cvelistv5 – Published: 2019-06-06 19:13 – Updated: 2024-09-16 17:22

Summary

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

XML External Entity (XXE) Injection Vulnerability

Assigner

dell

References

URL

Tags

	https://www.dell.com/support/article/us/en/04/sln…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/108685	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Dell EMC	OpenManage Server Administrator	Affected: 9.1.0.3 , < 9.1.0.3 (custom) Affected: 9.3.0.4 , < 9.3.0.4 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
          },
          {
            "name": "108685",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108685"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenManage Server Administrator",
          "vendor": "Dell EMC",
          "versions": [
            {
              "lessThan": "9.1.0.3",
              "status": "affected",
              "version": "9.1.0.3",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.0.4",
              "status": "affected",
              "version": "9.3.0.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XML External Entity (XXE) Injection Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-10T06:06:05",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
        },
        {
          "name": "108685",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108685"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "XML External Entity (XXE) Injection Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2019-06-03T17:00:00.000Z",
          "ID": "CVE-2019-3722",
          "STATE": "PUBLIC",
          "TITLE": "XML External Entity (XXE) Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenManage Server Administrator",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "9.1.0.3",
                            "version_value": "9.1.0.3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "9.3.0.4",
                            "version_value": "9.3.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell EMC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XML External Entity (XXE) Injection Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en",
              "refsource": "CONFIRM",
              "url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
            },
            {
              "name": "108685",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108685"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2019-3722",
    "datePublished": "2019-06-06T19:13:51.076423Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T17:22:35.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27A15630-3C36-4160-99E2-76B8B29EC6E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0464BDE-2461-4ECB-BA4E-4E92A80F6808\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C76D0E62-E7CB-43DE-90B4-FF92D4AFC9DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3463683-F756-4581-A39C-24AA74982242\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"729D5479-F7ED-48DF-A206-62A2EAFFCF43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C66F3E6-465A-4465-A686-0698E81062ED\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.\"}, {\"lang\": \"es\", \"value\": \"Las versiones de Dell EMC OpenManage Server Administrator (OMSA) anteriores a 9.1.0.3 y anteriores a 9.2.0.4 contienen una vulnerabilidad de inyecci\\u00f3n de entidad externa XML (XXE). Un atacante remoto no identificado podr\\u00eda potencialmente aprovechar  esta vulnerabilidad para leer archivos arbitrarios del sistema del servidor al proporcionar definiciones de tipo de documento especialmente dise\\u00f1adas (DTD) en una solicitud XML.\"}]",
      "id": "CVE-2019-3722",
      "lastModified": "2024-11-21T04:42:24.300",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-06-06T19:29:00.703",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/108685\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/108685\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-3722\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2019-06-06T19:29:00.703\",\"lastModified\":\"2024-11-21T04:42:24.300\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.\"},{\"lang\":\"es\",\"value\":\"Las versiones de Dell EMC OpenManage Server Administrator (OMSA) anteriores a 9.1.0.3 y anteriores a 9.2.0.4 contienen una vulnerabilidad de inyecci\u00f3n de entidad externa XML (XXE). Un atacante remoto no identificado podr\u00eda potencialmente aprovechar  esta vulnerabilidad para leer archivos arbitrarios del sistema del servidor al proporcionar definiciones de tipo de documento especialmente dise\u00f1adas (DTD) en una solicitud XML.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27A15630-3C36-4160-99E2-76B8B29EC6E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0464BDE-2461-4ECB-BA4E-4E92A80F6808\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C76D0E62-E7CB-43DE-90B4-FF92D4AFC9DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3463683-F756-4581-A39C-24AA74982242\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"729D5479-F7ED-48DF-A206-62A2EAFFCF43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C66F3E6-465A-4465-A686-0698E81062ED\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/108685\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108685\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-W53R-J3P6-Q2W6

Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:53

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-3722"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-06T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.",
  "id": "GHSA-w53r-j3p6-q2w6",
  "modified": "2024-04-04T00:53:30Z",
  "published": "2022-05-24T16:47:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3722"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108685"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2019-3722

Vulnerability from fkie_nvd - Published: 2019-06-06 19:29 - Updated: 2024-11-21 04:42

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security_alert@emc.com	http://www.securityfocus.com/bid/108685	Third Party Advisory
security_alert@emc.com	https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108685	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en	Vendor Advisory

Impacted products

Vendor	Product	Version
dell	emc_openmanage_server_administrator	9.1
dell	emc_openmanage_server_administrator	9.1.0.1
dell	emc_openmanage_server_administrator	9.1.0.2
dell	emc_openmanage_server_administrator	9.2
dell	emc_openmanage_server_administrator	9.2.0.1
dell	emc_openmanage_server_administrator	9.2.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27A15630-3C36-4160-99E2-76B8B29EC6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0464BDE-2461-4ECB-BA4E-4E92A80F6808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C76D0E62-E7CB-43DE-90B4-FF92D4AFC9DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3463683-F756-4581-A39C-24AA74982242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "729D5479-F7ED-48DF-A206-62A2EAFFCF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C66F3E6-465A-4465-A686-0698E81062ED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request."
    },
    {
      "lang": "es",
      "value": "Las versiones de Dell EMC OpenManage Server Administrator (OMSA) anteriores a 9.1.0.3 y anteriores a 9.2.0.4 contienen una vulnerabilidad de inyecci\u00f3n de entidad externa XML (XXE). Un atacante remoto no identificado podr\u00eda potencialmente aprovechar  esta vulnerabilidad para leer archivos arbitrarios del sistema del servidor al proporcionar definiciones de tipo de documento especialmente dise\u00f1adas (DTD) en una solicitud XML."
    }
  ],
  "id": "CVE-2019-3722",
  "lastModified": "2024-11-21T04:42:24.300",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-06T19:29:00.703",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/108685"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/108685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201906-0322

Vulnerability from variot - Updated: 2023-12-18 13:08

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request. Failed exploit attempts will likely cause a denial-of-service condition. The solution supports online diagnosis, system operation detection, equipment management, etc. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0322",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "emc openmanage server administrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.2.0.2"
      },
      {
        "model": "emc openmanage server administrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.2"
      },
      {
        "model": "emc openmanage server administrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.2.0.1"
      },
      {
        "model": "emc openmanage server administrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.1"
      },
      {
        "model": "emc openmanage server administrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.1.0.1"
      },
      {
        "model": "emc openmanage server administrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.1.0.2"
      },
      {
        "model": "openmanage server administrator",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "9.1.0.3"
      },
      {
        "model": "openmanage server administrator",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "9.2.0.4"
      },
      {
        "model": "emc openmanage server administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "7.2"
      },
      {
        "model": "emc openmanage server administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "8.2"
      },
      {
        "model": "emc openmanage server administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "9.3"
      },
      {
        "model": "emc openmanage server administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "9.2.0.4"
      },
      {
        "model": "emc openmanage server administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "9.1.0.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108685"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005357"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3722"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3722"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "108685"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2019-3722",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-3722",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-155157",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-3722",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-3722",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2019-3722",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-271",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-155157",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-3722",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155157"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3722"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005357"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3722"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3722"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-271"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request. Failed exploit  attempts will likely cause a  denial-of-service condition. The solution supports online diagnosis, system operation detection, equipment management, etc. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3722"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005357"
      },
      {
        "db": "BID",
        "id": "108685"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155157"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3722"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "108685",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3722",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005357",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-271",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-15724",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-155157",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3722",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155157"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3722"
      },
      {
        "db": "BID",
        "id": "108685"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005357"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3722"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-271"
      }
    ]
  },
  "id": "VAR-201906-0322",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155157"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:08:03.791000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-2019-074",
        "trust": 0.8,
        "url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
      },
      {
        "title": "Dell EMC OpenManage Server Administrator Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93355"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra25/rhinosecurity-cves "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra/rhinoecurity-cves "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/h4cksploit/cves-master "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-3722"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-271"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-611",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155157"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005357"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3722"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.securityfocus.com/bid/108685"
      },
      {
        "trust": 2.1,
        "url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3722"
      },
      {
        "trust": 0.9,
        "url": "http://dell.com"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3722"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/dell-emc-openmanage-server-administrator-two-vulnerabilities-29486"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/611.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155157"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3722"
      },
      {
        "db": "BID",
        "id": "108685"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005357"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3722"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-271"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-155157"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3722"
      },
      {
        "db": "BID",
        "id": "108685"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005357"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3722"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-271"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155157"
      },
      {
        "date": "2019-06-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3722"
      },
      {
        "date": "2019-06-04T00:00:00",
        "db": "BID",
        "id": "108685"
      },
      {
        "date": "2019-06-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005357"
      },
      {
        "date": "2019-06-06T19:29:00.703000",
        "db": "NVD",
        "id": "CVE-2019-3722"
      },
      {
        "date": "2019-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-271"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155157"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3722"
      },
      {
        "date": "2019-06-04T00:00:00",
        "db": "BID",
        "id": "108685"
      },
      {
        "date": "2019-06-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005357"
      },
      {
        "date": "2019-10-09T23:49:30.990000",
        "db": "NVD",
        "id": "CVE-2019-3722"
      },
      {
        "date": "2019-06-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-271"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-271"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC OpenManage Server Administrator In  XML External entity vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005357"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-271"
      }
    ],
    "trust": 0.6
  }
}

GSD-2019-3722

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Aliases

CVE-2019-3722

Aliases

CVE-2019-3722

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-3722",
    "description": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.",
    "id": "GSD-2019-3722"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-3722"
      ],
      "details": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.",
      "id": "GSD-2019-3722",
      "modified": "2023-12-13T01:24:04.552484Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "DATE_PUBLIC": "2019-06-03T17:00:00.000Z",
        "ID": "CVE-2019-3722",
        "STATE": "PUBLIC",
        "TITLE": "XML External Entity (XXE) Injection Vulnerability "
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "OpenManage Server Administrator",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "9.1.0.3",
                          "version_value": "9.1.0.3"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "9.3.0.4",
                          "version_value": "9.3.0.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Dell EMC"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "XML External Entity (XXE) Injection Vulnerability "
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en",
            "refsource": "CONFIRM",
            "url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
          },
          {
            "name": "108685",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/108685"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2019-3722"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
            },
            {
              "name": "108685",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/108685"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:49Z",
      "publishedDate": "2019-06-06T19:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-3722 (GCVE-0-2019-3722)

GHSA-W53R-J3P6-Q2W6

FKIE_CVE-2019-3722

VAR-201906-0322

GSD-2019-3722

Tags

Sightings

Nomenclature