CVE-2019-3723 (GCVE-0-2019-3723)
Vulnerability from cvelistv5 – Published: 2019-06-06 19:14 – Updated: 2024-09-16 19:05
VLAI?
Summary
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation
Severity ?
9.1 (Critical)
CWE
- Web Parameter Tampering Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | OpenManage Server Administrator |
Affected:
9.1.0.3 , < 9.1.0.3
(custom)
Affected: 9.3.0.4 , < 9.3.0.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:17.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenManage Server Administrator",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "9.1.0.3",
"status": "affected",
"version": "9.1.0.3",
"versionType": "custom"
},
{
"lessThan": "9.3.0.4",
"status": "affected",
"version": "9.3.0.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Web Parameter Tampering Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-10T06:06:05",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108685"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Web Parameter Tampering Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-06-03T17:00:00.000Z",
"ID": "CVE-2019-3723",
"STATE": "PUBLIC",
"TITLE": "Web Parameter Tampering Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenManage Server Administrator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.1.0.3",
"version_value": "9.1.0.3"
},
{
"version_affected": "\u003c",
"version_name": "9.3.0.4",
"version_value": "9.3.0.4"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Web Parameter Tampering Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en",
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
},
{
"name": "108685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108685"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3723",
"datePublished": "2019-06-06T19:14:38.463575Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:05:23.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27A15630-3C36-4160-99E2-76B8B29EC6E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0464BDE-2461-4ECB-BA4E-4E92A80F6808\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C76D0E62-E7CB-43DE-90B4-FF92D4AFC9DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3463683-F756-4581-A39C-24AA74982242\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"729D5479-F7ED-48DF-A206-62A2EAFFCF43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C66F3E6-465A-4465-A686-0698E81062ED\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation\"}, {\"lang\": \"es\", \"value\": \"Las versiones de Dell EMC OpenManage Server Administrator (OMSA) anteriores a 9.1.0.3 y anteriores a 9.2.0.4 contienen una vulnerabilidad de manipulaci\\u00f3n de par\\u00e1metros web. Un atacante remoto no identificado podr\\u00eda potencialmente manipular los par\\u00e1metros de las solicitudes web a OMSA para crear archivos arbitrarios con contenido vac\\u00edo o eliminar el contenido de cualquier archivo existente, debido a una validaci\\u00f3n incorrecta de los par\\u00e1metros de entrada\"}]",
"id": "CVE-2019-3723",
"lastModified": "2024-11-21T04:42:24.417",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:P\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-06-06T19:29:00.750",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/108685\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/108685\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-3723\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2019-06-06T19:29:00.750\",\"lastModified\":\"2024-11-21T04:42:24.417\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation\"},{\"lang\":\"es\",\"value\":\"Las versiones de Dell EMC OpenManage Server Administrator (OMSA) anteriores a 9.1.0.3 y anteriores a 9.2.0.4 contienen una vulnerabilidad de manipulaci\u00f3n de par\u00e1metros web. Un atacante remoto no identificado podr\u00eda potencialmente manipular los par\u00e1metros de las solicitudes web a OMSA para crear archivos arbitrarios con contenido vac\u00edo o eliminar el contenido de cualquier archivo existente, debido a una validaci\u00f3n incorrecta de los par\u00e1metros de entrada\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27A15630-3C36-4160-99E2-76B8B29EC6E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0464BDE-2461-4ECB-BA4E-4E92A80F6808\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C76D0E62-E7CB-43DE-90B4-FF92D4AFC9DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3463683-F756-4581-A39C-24AA74982242\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"729D5479-F7ED-48DF-A206-62A2EAFFCF43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C66F3E6-465A-4465-A686-0698E81062ED\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/108685\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108685\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…