SQL Injection Vulnerability in Dell EMC OpenManage Enterprise and Modular Products
CVE-2020-5320

9CRITICAL

Key Information:

Vendor: Dell
Status: Dell Openmanage Enterprise
Vendor: CVE Published:; 19 July 2021

Summary

The vulnerability found in Dell EMC OpenManage Enterprise and OpenManage Enterprise-Modular prior to specific versions allows remote authenticated users with elevated privileges to execute arbitrary SQL commands. This could enable unauthorized access to sensitive data or manipulation of application functionality, posing significant security risks to affected systems. Organizations using these products should ensure they update to the latest versions to mitigate the potential for exploitation.

Affected Version(s)

Dell OpenManage Enterprise < 3.20

References

https://www.dell.com/support/kbdoc/en-us/000176929/dsa-20...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 19, 2021
Vulnerability Reserved
Jan 3, 2020