DSA-2019-074: Dell EMC OpenManage Server Administrator Multiple Vulnerabilities-DSA

Summary: Dell EMC OpenManage Server Administrator has been updated to address multiple vulnerabilities which may be potentially exploited to compromise the system.


Impact

Critical

Details

  • XML External Entity (XXE) Injection Vulnerability (CVE-2019-3722)
    Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.
    CVSSv3 Base Score 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
  • Web Parameter Tampering Vulnerability (CVE-2019-3723)
    Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation.
    CVSSv3 Base Score 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Affected products:
  • Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3
  • Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.2.0.4 
Remediation:      
The following Dell EMC OpenManage Server Administrator releases contain resolutions to these vulnerabilities:
  • Dell EMC OpenManage Server Administrator 9.1.0.3 and later
  • Dell EMC OpenManage Server Administrator 9.2.0.4 and later
  • Dell EMC OpenManage Server Administrator 9.3.0 and later
Dell EMC recommends all customers upgrade at the earliest opportunity.  

Customers can download OpenManage Server Administrator for PowerEdge servers. For all other platforms, please select the platform from the Dell support site.
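
An added example, not part of Dell's advisory: a small Python triage routine that classifies reported OMSA version strings against the fixed releases listed above. It assumes each fixed release is the floor of its own release line (9.1.0.3 for everything below 9.2, 9.2.0.4 for 9.2.x, 9.3.0 and later always fixed) and that unparseable versions should be flagged for manual review; the host names and inventory are constructed sample data.

```python
import re

# Fixed-release floors taken from the advisory's Remediation list.
FIXED_9_1 = (9, 1, 0, 3)
FIXED_9_2 = (9, 2, 0, 4)
FIXED_9_3 = (9, 3, 0, 0)


def parse_version(text):
    """Return a 4-part integer tuple, or None if no dotted version is found.

    Trailing revision tags such as "A02" are ignored; missing parts become 0.
    """
    match = re.search(r"\d+(?:\.\d+){1,3}", text)
    if not match:
        return None
    parts = [int(p) for p in match.group(0).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def triage(version_text):
    """Classify one reported OMSA version as 'affected', 'fixed' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    if v >= FIXED_9_3:
        return "fixed"
    if v[:2] == (9, 2):
        # Assumption: the 9.2.x line is fixed only from 9.2.0.4 onward.
        return "fixed" if v >= FIXED_9_2 else "affected"
    # Assumption: everything below 9.2 is judged against 9.1.0.3.
    return "fixed" if v >= FIXED_9_1 else "affected"


def hosts_needing_action(inventory):
    """Return sorted host names that are affected or could not be classified."""
    return sorted(h for h, ver in inventory.items() if triage(ver) != "fixed")


# Constructed inventory: host names and version strings are sample data.
SAMPLE_INVENTORY = {
    "srv-a": "9.1.0.2",
    "srv-b": "9.1.0.3",
    "srv-c": "9.2.0",
    "srv-d": "9.2.0.4",
    "srv-e": "Version 6.5 A02",
    "srv-f": "9.3.0",
    "srv-g": "not installed",
}
```
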

Related Information

Affected Products

Dell OpenManage Server Administrator Version 8.4, Dell OpenManage Server Administrator Version 8.5, Dell OpenManage Server Administrator Version 9.0.1, Dell OpenManage Server Administrator Version 9.0.2 , Dell OpenManage Server Administrator Version 9.1, Dell OpenManage Server Administrator Version 8.3, Dell OpenManage Server Administrator Version 6.5 A02, Dell OpenManage Server Administrator Version 7.0, Dell OpenManage Server Administrator Version 7.1, Dell OpenManage Server Administrator Version 7.2, Dell OpenManage Server Administrator Version 7.3, Dell OpenManage Server Administrator Version 7.4, Dell OpenManage Server Administrator Version 8.0.1, Dell OpenManage Server Administrator Version 8.0.2, Dell OpenManage Server Administrator Version 8.1, Dell OpenManage Server Administrator Version 8.2, Dell OpenManage Server Administrator Version 9.1.1, Dell OpenManage Server Administrator Version 9.1.2, Dell OpenManage Server Administrator Version 9.2, Product Security Information ...
Article Properties
Article Number: 000180635
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025