CVE-2019-3720
Published 2019-04-25
CVE-2019-3720: Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user…
Priority P4 · 30 · medium 4.9 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS: 3.51% (87.8th percentile)
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | emc_openmanage_server_administrator | < 9.3.0 | 9.3.0 |
| dell_emc | open_manage_system_administrator | >= 9.3 < 9.3 | 9.3 |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 4.9 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| ghsa | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |
GHSA
GHSA-pg4g-ch23-5ch7 · ghsa_unreviewed · 2022-05-24 · CVE-2019-3720 [MEDIUM] CWE-22
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters.
GHSA
Improper Restriction of XML External Entity Reference in jackson-mapper-asl · ghsa · 2020-02-04 · CVSS 9.8 · CVE-2019-10172 [CRITICAL] CWE-611
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affect codehaus jackson-mapper-asl libraries, but in different classes.
Red Hat
jackson-mapper-asl: XML external entity similar to CVE-2016-3720 · vendor_redhat · 2019-11-18 · CVSS 9.8 · CVE-2019-10172 [CRITICAL] CWE-611
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affect codehaus jackson-mapper-asl libraries, but in different classes.
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus's jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity.
Statement: Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability.
No detection rules found.
No public exploits indexed.
References:
- http://www.securityfocus.com/bid/108092
- https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en