nvd-json-data-feeds/CVE-2019/CVE-2019-37xx/CVE-2019-3722.json

{
  "id": "CVE-2019-3722",
  "sourceIdentifier": "security_alert@emc.com",
  "published": "2019-06-06T19:29:00.703",
  "lastModified": "2019-10-09T23:49:30.990",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request."
    },
    {
      "lang": "es",
      "value": "Las versiones de Dell EMC OpenManage Server Administrator (OMSA) anteriores a 9.1.0.3 y anteriores a 9.2.0.4 contienen una vulnerabilidad de inyecci\u00f3n de entidad externa XML (XXE). Un atacante remoto no identificado podr\u00eda potencialmente aprovechar  esta vulnerabilidad para leer archivos arbitrarios del sistema del servidor al proporcionar definiciones de tipo de documento especialmente dise\u00f1adas (DTD) en una solicitud XML."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      },
      {
        "source": "security_alert@emc.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27A15630-3C36-4160-99E2-76B8B29EC6E3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0464BDE-2461-4ECB-BA4E-4E92A80F6808"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C76D0E62-E7CB-43DE-90B4-FF92D4AFC9DE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3463683-F756-4581-A39C-24AA74982242"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "729D5479-F7ED-48DF-A206-62A2EAFFCF43"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:9.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C66F3E6-465A-4465-A686-0698E81062ED"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/108685",
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en",
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}