Directory Traversal Vulnerability in Dell OpenManage Server Administrator
CVE-2016-4004

4.9MEDIUM

Key Information:

Vendor: Dell
Status: Openmanage Server Administrator
Vendor: CVE Published:; 12 April 2016

Badges

👾 Exploit Exists🟣 EPSS 15%

Summary

A directory traversal vulnerability exists in Dell OpenManage Server Administrator (OMSA) version 8.2, allowing remote authenticated administrators to access arbitrary files. This can occur through the manipulation of the file parameter by using a '..' (dot dot backslash) sequence, bypassing intended access restrictions and potentially exposing sensitive information.

References

http://www.securitytracker.com/id/1035564

vdb-entryx_refsource_SECTRACK

https://www.exploit-db.com/exploits/39486/

exploitx_refsource_EXPLOIT-DB

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Nov 30, 2022
👾
Exploit known to exist
Nov 30, 2022
Vulnerability published
Apr 12, 2016
Vulnerability Reserved
Apr 12, 2016