Ir al contenido principal
Cerrar sesión

Le damos la bienvenida a Dell

Mi cuenta
  • Realice pedidos rápida y fácilmente.
  • Vea los pedidos y haga el seguimiento del estado del envío.
  • Cree una lista de sus productos y acceda a ella
  • Gestione sus sitios, productos y contactos a nivel de producto de Dell EMC con la administración de empresa.
Iniciar sesión Crear una cuenta Inicio de sesión en Premier Iniciar sesión en el programa para socios
Contáctenos

Sus carritos de Dell.com

Número de artículo: 000129125

DSA-2019-074: Dell EMC OpenManage Server Administrator Multiple Vulnerabilities

Resumen: Dell EMC Open Manage Server Administrator has been updated to address multiple vulnerabilities which may be potentially exploited to compromise the system.

Es posible que este artículo se haya traducido automáticamente. Si nos quiere hacer llegar algún comentario sobre la calidad de la traducción, utilice el formulario ubicado en la parte inferior de la página.

Contenido del artículo

Síntomas

DSA ID: DSA-2019-074

CVE Identifier: CVE-2019-3722 and CVE-2019-3723

Severity: Critical

Severity Rating: See Details section below of individual CVSS Scores for each CVE
                         
Affected products:
 
  • Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3
  • Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.2.0.4  

Summary:  
Dell EMC OpenManage System Administrator has been updated to address multiple security vulnerabilities which may potentially be exploited to compromise the system.

Details:  
  • XML External Entity (XXE) Injection Vulnerability (CVE-2019-3722)
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.

           
             CVSSv3 Base Score 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
  • Web Parameter Tampering Vulnerability (CVE-2019-3723)
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation.

           
             CVSSv3 Base Score 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Resolution:      
The following Dell EMC OpenManage Server Administrator releases contain resolutions to these vulnerabilities:
  • Dell EMC OpenManage Server Administrator 9.1.0.3 and later
  • Dell EMC OpenManage Server Administrator 9.2.0.4 and later
  • Dell EMC OpenManage Server Administrator 9.3.0 and later

Dell EMC recommends all customers upgrade at the earliest opportunity.  


Link to remedies:

Customers can download OpenManage Server Administrator for PowerEdge servers. For all other platforms, please select the platform from the Dell support site.


Dell recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Propiedades del artículo

Fecha de la última publicación

20 nov 2020

Versión

2

Tipo de artículo

Solution

Volver al principio