VAR-201904-0308
Vulnerability from variot - Updated: 2023-12-18 12:36Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application and cause denial-of-service condition. The solution supports online diagnosis, system operation detection, equipment management, etc. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0308",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emc openmanage server administrator",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.3.0"
},
{
"model": "openmanage server administrator",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "9.3.0"
},
{
"model": "emc open manage system administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "9.2"
},
{
"model": "emc open manage system administrator",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "9.3"
}
],
"sources": [
{
"db": "BID",
"id": "108092"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004181"
},
{
"db": "NVD",
"id": "CVE-2019-3720"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:emc_openmanage_server_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.3.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3720"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Harrison Neal and Murat Aydemir of Biznet Billisim A.S.,Murat Aydemir of Biznet Billisim A.S. ?? ??",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1206"
}
],
"trust": 0.6
},
"cve": "CVE-2019-3720",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3720",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-155155",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3720",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3720",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2019-3720",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1206",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-155155",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155155"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004181"
},
{
"db": "NVD",
"id": "CVE-2019-3720"
},
{
"db": "NVD",
"id": "CVE-2019-3720"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1206"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters. \nRemote attackers may use a specially crafted request with directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files from the affected system in the context of the application and cause denial-of-service condition. The solution supports online diagnosis, system operation detection, equipment management, etc. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3720"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004181"
},
{
"db": "BID",
"id": "108092"
},
{
"db": "VULHUB",
"id": "VHN-155155"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3720",
"trust": 2.8
},
{
"db": "BID",
"id": "108092",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004181",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1206",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "43190",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-155155",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155155"
},
{
"db": "BID",
"id": "108092"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004181"
},
{
"db": "NVD",
"id": "CVE-2019-3720"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1206"
}
]
},
"id": "VAR-201904-0308",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155155"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:36:17.112000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2019-060",
"trust": 0.8,
"url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"title": "Dell EMC OpenManage System Administrator Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92020"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004181"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1206"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155155"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004181"
},
{
"db": "NVD",
"id": "CVE-2019-3720"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.securityfocus.com/bid/108092"
},
{
"trust": 1.7,
"url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3720"
},
{
"trust": 0.9,
"url": "https://www.dellemc.com/en-us/index.htm"
},
{
"trust": 0.9,
"url": "https://www.dell.com/support/article/us/en/19/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3720"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43190"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155155"
},
{
"db": "BID",
"id": "108092"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004181"
},
{
"db": "NVD",
"id": "CVE-2019-3720"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1206"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155155"
},
{
"db": "BID",
"id": "108092"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004181"
},
{
"db": "NVD",
"id": "CVE-2019-3720"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1206"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-155155"
},
{
"date": "2019-04-24T00:00:00",
"db": "BID",
"id": "108092"
},
{
"date": "2019-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004181"
},
{
"date": "2019-04-25T21:29:00.637000",
"db": "NVD",
"id": "CVE-2019-3720"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1206"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-155155"
},
{
"date": "2019-04-24T00:00:00",
"db": "BID",
"id": "108092"
},
{
"date": "2019-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004181"
},
{
"date": "2023-02-10T02:23:30.887000",
"db": "NVD",
"id": "CVE-2019-3720"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1206"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1206"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC Open Manage System Administrator Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004181"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1206"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…