DSA-2022-077: Dell OpenManage Enterprise Security Update for an Authorization Bypass Vulnerability
Samenvatting: Dell OpenManage Enterprise remediation is available for an authorization bypass vulnerability that may be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
Critical
Gegevens
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-26857 | Dell OpenManage Enterprise versions 3.8.3 and earlier contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions. | 9.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-26857 | Dell OpenManage Enterprise versions 3.8.3 and earlier contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions. | 9.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
Getroffen producten en herstel
| CVE Addressed | Product | Affected Versions | Updated Version(s) | Link to Update |
| CVE-2022-26857 | Dell OpenManage Enterprise | Versions before 3.8.4 | 3.8.4 | See Dell KB article 175879: https://www.dell.com/support/kbdoc/en-us/000175879/support-for-openmanage-enterprise |
| CVE Addressed | Product | Affected Versions | Updated Version(s) | Link to Update |
| CVE-2022-26857 | Dell OpenManage Enterprise | Versions before 3.8.4 | 3.8.4 | See Dell KB article 175879: https://www.dell.com/support/kbdoc/en-us/000175879/support-for-openmanage-enterprise |
Revisiegeschiedenis
| Revision | Date | Description |
| 1.0 | 2022-04-18 | Initial Release |
Bevestigingen
Dell would like to thank Bartosz Reginiak for reporting this issue.
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
Dell OpenManage Enterprise, Product Security InformationArtikeleigenschappen
Artikelnummer: 000197800
Artikeltype: Dell Security Advisory
Laatst aangepast: 18 apr. 2022
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.