ID

VAR-201906-0322


CVE

CVE-2019-3722


TITLE

XML external entity vulnerability in Dell EMC OpenManage Server Administrator

Trust: 0.8

sources: JVNDB: JVNDB-2019-005357

DESCRIPTION

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request. Failed exploit attempts will likely cause a denial-of-service condition. The solution supports online diagnosis, system operation detection, equipment management, etc. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products.

Trust: 2.07

sources: NVD: CVE-2019-3722 // JVNDB: JVNDB-2019-005357 // BID: 108685 // VULHUB: VHN-155157 // VULMON: CVE-2019-3722

AFFECTED PRODUCTS

vendor: dell, model: emc openmanage server administrator, scope: eq, version: 9.1

Trust: 1.0

vendor: dell, model: emc openmanage server administrator, scope: eq, version: 9.2

Trust: 1.0

vendor: dell, model: emc openmanage server administrator, scope: eq, version: 9.2.0.2

Trust: 1.0

vendor: dell, model: emc openmanage server administrator, scope: eq, version: 9.2.0.1

Trust: 1.0

vendor: dell, model: emc openmanage server administrator, scope: eq, version: 9.1.0.2

Trust: 1.0

vendor: dell, model: emc openmanage server administrator, scope: eq, version: 9.1.0.1

Trust: 1.0

vendor: dell, model: openmanage server administrator, scope: lt, version: 9.1.0.3

Trust: 0.8

vendor: dell, model: openmanage server administrator, scope: lt, version: 9.2.0.4

Trust: 0.8

vendor: dell, model: emc openmanage server administrator, scope: eq, version: 7.2

Trust: 0.3

vendor: dell, model: emc openmanage server administrator, scope: eq, version: 8.2

Trust: 0.3

vendor: dell, model: emc openmanage server administrator, scope: ne, version: 9.3

Trust: 0.3

vendor: dell, model: emc openmanage server administrator, scope: ne, version: 9.2.0.4

Trust: 0.3

vendor: dell, model: emc openmanage server administrator, scope: ne, version: 9.1.0.3

Trust: 0.3

sources: BID: 108685 // JVNDB: JVNDB-2019-005357 // NVD: CVE-2019-3722

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-3722
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3722
value: HIGH

Trust: 1.0

NVD: CVE-2019-3722
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-271
value: HIGH

Trust: 0.6

VULHUB: VHN-155157
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-3722
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-3722
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-155157
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-3722
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-155157 // VULMON: CVE-2019-3722 // JVNDB: JVNDB-2019-005357 // CNNVD: CNNVD-201906-271 // NVD: CVE-2019-3722 // NVD: CVE-2019-3722

PROBLEMTYPE DATA

problemtype: CWE-611

Trust: 1.9

sources: VULHUB: VHN-155157 // JVNDB: JVNDB-2019-005357 // NVD: CVE-2019-3722

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-271

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-271

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005357

PATCH

title: DSA-2019-074, url: https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en

Trust: 0.8

title: Dell EMC OpenManage Server Administrator Fixes for code issue vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93355

Trust: 0.6

title: -, url: https://github.com/merlinepedra25/RHINOSECURITY-CVEs

Trust: 0.1

title: -, url: https://github.com/merlinepedra/RHINOECURITY-CVEs

Trust: 0.1

title: -, url: https://github.com/H4cksploit/CVEs-master

Trust: 0.1

sources: VULMON: CVE-2019-3722 // JVNDB: JVNDB-2019-005357 // CNNVD: CNNVD-201906-271

EXTERNAL IDS

db: BID, id: 108685

Trust: 2.9

db: NVD, id: CVE-2019-3722

Trust: 2.9

db: JVNDB, id: JVNDB-2019-005357

Trust: 0.8

db: CNNVD, id: CNNVD-201906-271

Trust: 0.7

db: CNVD, id: CNVD-2020-15724

Trust: 0.1

db: VULHUB, id: VHN-155157

Trust: 0.1

db: VULMON, id: CVE-2019-3722

Trust: 0.1

sources: VULHUB: VHN-155157 // VULMON: CVE-2019-3722 // BID: 108685 // JVNDB: JVNDB-2019-005357 // CNNVD: CNNVD-201906-271 // NVD: CVE-2019-3722

REFERENCES

url: http://www.securityfocus.com/bid/108685

Trust: 2.7

url: https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en

Trust: 2.1

url: https://nvd.nist.gov/vuln/detail/cve-2019-3722

Trust: 1.4

url: http://dell.com

Trust: 0.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3722

Trust: 0.8

url: https://vigilance.fr/vulnerability/dell-emc-openmanage-server-administrator-two-vulnerabilities-29486

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/611.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-155157 // VULMON: CVE-2019-3722 // BID: 108685 // JVNDB: JVNDB-2019-005357 // CNNVD: CNNVD-201906-271 // NVD: CVE-2019-3722

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 108685

SOURCES

db: VULHUB, id: VHN-155157
db: VULMON, id: CVE-2019-3722
db: BID, id: 108685
db: JVNDB, id: JVNDB-2019-005357
db: CNNVD, id: CNNVD-201906-271
db: NVD, id: CVE-2019-3722

LAST UPDATE DATE

2024-11-23T21:59:52.075000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-155157, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2019-3722, date: 2019-10-09T00:00:00
db: BID, id: 108685, date: 2019-06-04T00:00:00
db: JVNDB, id: JVNDB-2019-005357, date: 2019-06-19T00:00:00
db: CNNVD, id: CNNVD-201906-271, date: 2019-06-11T00:00:00
db: NVD, id: CVE-2019-3722, date: 2024-11-21T04:42:24.300

SOURCES RELEASE DATE

db: VULHUB, id: VHN-155157, date: 2019-06-06T00:00:00
db: VULMON, id: CVE-2019-3722, date: 2019-06-06T00:00:00
db: BID, id: 108685, date: 2019-06-04T00:00:00
db: JVNDB, id: JVNDB-2019-005357, date: 2019-06-19T00:00:00
db: CNNVD, id: CNNVD-201906-271, date: 2019-06-06T00:00:00
db: NVD, id: CVE-2019-3722, date: 2019-06-06T19:29:00.703