CVE-2019-3722
Severity CVSS v4.0:
Pending analysis
Type:
CWE-611
Improper Restriction of XML External Entity Reference ('XXE')
Publication date:
06/06/2019
Last modified:
09/10/2019
Description
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page