nvd-json-data-feeds/CVE-2019/CVE-2019-37xx/CVE-2019-3720.json

{
  "id": "CVE-2019-3720",
  "sourceIdentifier": "security_alert@emc.com",
  "published": "2019-04-25T21:29:00.637",
  "lastModified": "2024-11-21T04:42:24.053",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters."
    },
    {
      "lang": "es",
      "value": "Las versiones de Dell EMC Open Manage System Administrator (OMSA) anteriores a la 9.3.0 contienen una vulnerabilidad de salto de directorio. Un usuario remoto malicioso autenticado con privilegios de administrador podr\u00eda potencialmente explotar esta vulnerabilidad para obtener acceso no autorizado al sistema de archivos, explotando un saneamiento insuficiente de los par\u00e1metros de entrada."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV30": [
      {
        "source": "security_alert@emc.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "baseScore": 4.0,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "9.3.0",
              "matchCriteriaId": "B0769F9F-82CC-460C-A7F1-AB91FB9F514F"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/108092",
      "source": "security_alert@emc.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en",
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/108092",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}