Dell OpenManage Enterprise Vulnerability: Unauthorized Access to Server Files
CVE-2024-25944

7.5HIGH

Key Information:

Vendor: Dell
Status: Dell Openmanage Enterprise
Vendor: CVE Published:; 29 March 2024

Summary

Dell OpenManage Enterprise versions 4.0 and earlier are susceptible to a path traversal vulnerability. This issue allows unauthenticated remote attackers to exploit the system and gain unauthorized access to sensitive files stored on the server's filesystem, leveraging the privileges of the web application's runtime environment. Proper patching and security measures are essential to mitigate this risk.

Affected Version(s)

Dell OpenManage Enterprise <= 4.0

References

https://www.dell.com/support/kbdoc/en-us/000223623/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2024
Vulnerability Reserved
Feb 13, 2024