ID

VAR-201906-0323


CVE

CVE-2019-3723


TITLE

Dell EMC OpenManage Server Administrator Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005358

DESCRIPTION

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation. Failed exploit attempts will likely cause a denial-of-service condition. The solution supports online diagnosis, system operation detection, equipment management, etc.

Trust: 1.98

sources: NVD: CVE-2019-3723 // JVNDB: JVNDB-2019-005358 // BID: 108685 // VULHUB: VHN-155158

AFFECTED PRODUCTS

vendor: dell // model: emc openmanage server administrator // scope: eq // version: 9.1

Trust: 1.0

vendor: dell // model: emc openmanage server administrator // scope: eq // version: 9.2

Trust: 1.0

vendor: dell // model: emc openmanage server administrator // scope: eq // version: 9.2.0.2

Trust: 1.0

vendor: dell // model: emc openmanage server administrator // scope: eq // version: 9.2.0.1

Trust: 1.0

vendor: dell // model: emc openmanage server administrator // scope: eq // version: 9.1.0.2

Trust: 1.0

vendor: dell // model: emc openmanage server administrator // scope: eq // version: 9.1.0.1

Trust: 1.0

vendor: dell // model: openmanage server administrator // scope: lt // version: 9.1.0.3

Trust: 0.8

vendor: dell // model: openmanage server administrator // scope: lt // version: 9.2.0.4

Trust: 0.8

vendor: dell // model: emc openmanage server administrator // scope: eq // version: 7.2

Trust: 0.3

vendor: dell // model: emc openmanage server administrator // scope: eq // version: 8.2

Trust: 0.3

vendor: dell // model: emc openmanage server administrator // scope: ne // version: 9.3

Trust: 0.3

vendor: dell // model: emc openmanage server administrator // scope: ne // version: 9.2.0.4

Trust: 0.3

vendor: dell // model: emc openmanage server administrator // scope: ne // version: 9.1.0.3

Trust: 0.3

sources: BID: 108685 // JVNDB: JVNDB-2019-005358 // NVD: CVE-2019-3723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3723
value: CRITICAL

Trust: 1.0

security_alert@emc.com: CVE-2019-3723
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-3723
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201906-272
value: CRITICAL

Trust: 0.6

VULHUB: VHN-155158
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3723
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155158
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3723
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-155158 // JVNDB: JVNDB-2019-005358 // CNNVD: CNNVD-201906-272 // NVD: CVE-2019-3723 // NVD: CVE-2019-3723

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-155158 // JVNDB: JVNDB-2019-005358 // NVD: CVE-2019-3723

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-272

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 108685 // CNNVD: CNNVD-201906-272

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005358

PATCH

title: DSA-2019-074 // url: https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en

Trust: 0.8

title: Dell EMC OpenManage Server Administrator Enter the fix for the verification error vulnerability // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93356

Trust: 0.6

sources: JVNDB: JVNDB-2019-005358 // CNNVD: CNNVD-201906-272

EXTERNAL IDS

db: BID // id: 108685

Trust: 2.8

db: NVD // id: CVE-2019-3723

Trust: 2.8

db: JVNDB // id: JVNDB-2019-005358

Trust: 0.8

db: CNNVD // id: CNNVD-201906-272

Trust: 0.7

db: CNVD // id: CNVD-2020-15723

Trust: 0.1

db: VULHUB // id: VHN-155158

Trust: 0.1

sources: VULHUB: VHN-155158 // BID: 108685 // JVNDB: JVNDB-2019-005358 // CNNVD: CNNVD-201906-272 // NVD: CVE-2019-3723

REFERENCES

url:http://www.securityfocus.com/bid/108685

Trust: 2.5

url:https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-3723

Trust: 1.4

url:http://dell.com

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3723

Trust: 0.8

url:https://vigilance.fr/vulnerability/dell-emc-openmanage-server-administrator-two-vulnerabilities-29486

Trust: 0.6

sources: VULHUB: VHN-155158 // BID: 108685 // JVNDB: JVNDB-2019-005358 // CNNVD: CNNVD-201906-272 // NVD: CVE-2019-3723

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 108685

SOURCES

db: VULHUB // id: VHN-155158
db: BID // id: 108685
db: JVNDB // id: JVNDB-2019-005358
db: CNNVD // id: CNNVD-201906-272
db: NVD // id: CVE-2019-3723

LAST UPDATE DATE

2024-11-23T21:59:52.109000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-155158 // date: 2019-10-09T00:00:00
db: BID // id: 108685 // date: 2019-06-04T00:00:00
db: JVNDB // id: JVNDB-2019-005358 // date: 2019-06-19T00:00:00
db: CNNVD // id: CNNVD-201906-272 // date: 2019-06-11T00:00:00
db: NVD // id: CVE-2019-3723 // date: 2024-11-21T04:42:24.417

SOURCES RELEASE DATE

db: VULHUB // id: VHN-155158 // date: 2019-06-06T00:00:00
db: BID // id: 108685 // date: 2019-06-04T00:00:00
db: JVNDB // id: JVNDB-2019-005358 // date: 2019-06-19T00:00:00
db: CNNVD // id: CNNVD-201906-272 // date: 2019-06-06T00:00:00
db: NVD // id: CVE-2019-3723 // date: 2019-06-06T19:29:00.750