Details of VAR-202010-1140

ID

VAR-202010-1140

CVE

CVE-2020-5389

TITLE

Dell EMC OpenManage Integration for Microsoft System Center for SCCM and SCVMM Vulnerability related to information disclosure from log files

Trust: 0.8

sources: JVNDB: JVNDB-2020-012272

DESCRIPTION

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Authenticated low privileged OMIMSCC users may be able to retrieve sensitive information from the logs. Dell EMC OpenManage Integration is a driver for a virtualization management console of Dell. Tools and tasks related to managing and deploying servers in virtual environments are simplified. This vulnerability originates from the abnormal output of log files of network systems or products

Trust: 1.71

sources: NVD: CVE-2020-5389 // JVNDB: JVNDB-2020-012272 // VULHUB: VHN-183514

AFFECTED PRODUCTS

vendor:	dell	model:	emc openmanage integration for microsoft system center	scope:	lt	version:	7.2.1	Trust: 1.0
vendor:	デル	model:	emc omimssc for sccm	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	emc omimssc for scvmm	scope:	lt	version:	7.2.1 less than	Trust: 0.8

sources: JVNDB: JVNDB-2020-012272 // NVD: CVE-2020-5389

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5389
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2020-5389
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-5389
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202010-220
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-183514
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-5389
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-183514
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-5389
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2020-5389
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.3
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	CVE-2020-5389
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-183514 // JVNDB: JVNDB-2020-012272 // CNNVD: CNNVD-202010-220 // NVD: CVE-2020-5389 // NVD: CVE-2020-5389

PROBLEMTYPE DATA

problemtype:	CWE-532	Trust: 1.1
problemtype:	Information leakage from log files (CWE-532) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-183514 // JVNDB: JVNDB-2020-012272 // NVD: CVE-2020-5389

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-220

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202010-220

PATCH

title:	DSA-2020-224	url:	https://www.dell.com/support/article/en-de/sln322859/dsa-2020-224-dell-emc-openmanage-integration-for-microsoft-system-center-information-disclosure-vulnerability?lang=en	Trust: 0.8
title:	Dell EMC OpenManage Integration Repair measures for log information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131101	Trust: 0.6

sources: JVNDB: JVNDB-2020-012272 // CNNVD: CNNVD-202010-220

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5389	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-012272	Trust: 0.8
db:	NSFOCUS	id:	50628	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-220	Trust: 0.6
db:	VULHUB	id:	VHN-183514	Trust: 0.1

sources: VULHUB: VHN-183514 // JVNDB: JVNDB-2020-012272 // CNNVD: CNNVD-202010-220 // NVD: CVE-2020-5389

REFERENCES

url:	https://www.dell.com/support/article/en-de/sln322859/dsa-2020-224-dell-emc-openmanage-integration-for-microsoft-system-center-information-disclosure-vulnerability?lang=en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5389	Trust: 1.4
url:	https://vigilance.fr/vulnerability/dell-emc-openmanage-integration-for-microsoft-system-center-code-execution-33490	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/50628	Trust: 0.6

sources: VULHUB: VHN-183514 // JVNDB: JVNDB-2020-012272 // CNNVD: CNNVD-202010-220 // NVD: CVE-2020-5389

SOURCES

db:	VULHUB	id:	VHN-183514
db:	JVNDB	id:	JVNDB-2020-012272
db:	CNNVD	id:	CNNVD-202010-220
db:	NVD	id:	CVE-2020-5389

LAST UPDATE DATE

2024-11-23T23:07:48.048000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-183514	date:	2020-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-012272	date:	2021-04-28T07:36:00
db:	CNNVD	id:	CNNVD-202010-220	date:	2020-11-18T00:00:00
db:	NVD	id:	CVE-2020-5389	date:	2024-11-21T05:34:02.833

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-183514	date:	2020-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-012272	date:	2021-04-28T00:00:00
db:	CNNVD	id:	CNNVD-202010-220	date:	2020-10-08T00:00:00
db:	NVD	id:	CVE-2020-5389	date:	2020-10-08T15:15:12.827