Vulnerability Details CVE-2020-5377
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.794
EPSS Ranking 99.0%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- http://packetstormsecurity.com/files/162110/Dell-OpenManage-Server-Administrator-9.4.0.0-File-Read.html
- https://www.dell.com/support/article/en-us/sln322304/dsa-2020-172-dell-emc-openmanage-server-administrator-omsa-path-traversal-vulnerability?lang=en
- http://packetstormsecurity.com/files/162110/Dell-OpenManage-Server-Administrator-9.4.0.0-File-Read.html
- https://www.dell.com/support/article/en-us/sln322304/dsa-2020-172-dell-emc-openmanage-server-administrator-omsa-path-traversal-vulnerability?lang=en
Products affected by CVE-2020-5377
-
cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1
-
cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0
-
cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.1
-
cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.2
-
cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2
-
cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.1
-
cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.2
-
cpe:2.3:a:dell:emc_openmanage_server_administrator:9.3.0
-
cpe:2.3:a:dell:emc_openmanage_server_administrator:9.4