Vulnerability Details CVE-2020-5370
Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar file to inject malicious RPMs which may cause a denial of service or perform unauthorized actions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.5%
CVSS Severity
CVSS v3 Score 7.9
CVSS v2 Score 6.0
References
Products affected by CVE-2020-5370
-
cpe:2.3:a:dell:emc_openmanage_enterprise:3.0
-
cpe:2.3:a:dell:emc_openmanage_enterprise:3.1
-
cpe:2.3:a:dell:emc_openmanage_enterprise:3.2
-
cpe:2.3:a:dell:emc_openmanage_enterprise:3.2.1
-
cpe:2.3:a:dell:emc_openmanage_enterprise:3.3.1