: CVSSv3 Base Score: 7.9 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L)
- Dell EMC OpenManage Enterprise (OME) versions prior to 3.4
Dell EMC OpenManage Enterprise (OME) has been updated to address a vulnerability that may be exploited to compromise the affected systems.
- Improper Control of Generation of Code (‘Code Injection’) (CVE-2020-5370)
Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar file to inject malicious RPMs which may cause a denial of service or perform unauthorized actions.
The following Dell EMC OpenManage Enterprise (OME) release contain the resolution to the vulnerability:
- Dell EMC OpenManage Enterprise (OME) 3.4 and later
Dell EMC recommends all customers upgrade at the earliest opportunity.
Link to remedies
Customers can download for PowerEdge servers
. For all other platforms, please select the platform from the Dell support site
Dell recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.