DSA-2022-077: Dell OpenManage Enterprise Security Update for an Authorization Bypass Vulnerability
Summary: Dell OpenManage Enterprise remediation is available for an authorization bypass vulnerability that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-26857 | Dell OpenManage Enterprise versions 3.8.3 and earlier contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions. | 9.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-26857 | Dell OpenManage Enterprise versions 3.8.3 and earlier contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions. | 9.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
Affected Products & Remediation
| CVE Addressed | Product | Affected Versions | Updated Version(s) | Link to Update |
| CVE-2022-26857 | Dell OpenManage Enterprise | Versions before 3.8.4 | 3.8.4 | See Dell KB article 175879: https://www.dell.com/support/kbdoc/en-us/000175879/support-for-openmanage-enterprise |
| CVE Addressed | Product | Affected Versions | Updated Version(s) | Link to Update |
| CVE-2022-26857 | Dell OpenManage Enterprise | Versions before 3.8.4 | 3.8.4 | See Dell KB article 175879: https://www.dell.com/support/kbdoc/en-us/000175879/support-for-openmanage-enterprise |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-04-18 | Initial Release |
Acknowledgements
Dell would like to thank Bartosz Reginiak for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
Dell OpenManage Enterprise, Product Security InformationArticle Properties
Article Number: 000197800
Article Type: Dell Security Advisory
Last Modified: 18 Apr 2022
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.