ID
VAR-201604-0117
CVE
CVE-2016-4004
TITLE
Dell OpenManage Server Administrator Vulnerable to directory traversal
Trust: 0.8
DESCRIPTION
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile. Dell OpenManage Server Administrator is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker could exploit this vulnerability using directory-traversal characters ('../') to perform unauthorized actions. Dell OpenManage Server Administrator 8.2 is vulnerable; other versions may also be affected. The solution supports online diagnosis, system operation detection, equipment management, etc
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | dell | model: | openmanage server administrator | scope: | eq | version: | 8.2 | Trust: 2.4 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
path traversal
Trust: 0.6
CONFIGURATIONS
EXPLOIT AVAILABILITY
PATCH
| title: | Dell OpenManage Server Administrator | url: | http://www.dell.com/support/contents/jp/ja/jpdhs1/article/Product-Support/Self-support-Knowledgebase/enterprise-resource-center/Enterprise-Tools/OMSA | Trust: 0.8 |
| title: | - | url: | https://github.com/und3sc0n0c1d0/AFR-in-OMSA | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-4004 | Trust: 2.9 |
| db: | EXPLOIT-DB | id: | 39486 | Trust: 2.6 |
| db: | SECTRACK | id: | 1035564 | Trust: 1.2 |
| db: | JVNDB | id: | JVNDB-2016-002121 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201604-215 | Trust: 0.7 |
| db: | BID | id: | 86312 | Trust: 0.4 |
| db: | PACKETSTORM | id: | 142005 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-92823 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2016-4004 | Trust: 0.1 |
REFERENCES
| url: | https://www.exploit-db.com/exploits/39486/ | Trust: 2.7 |
| url: | http://www.securitytracker.com/id/1035564 | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4004 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4004 | Trust: 0.8 |
| url: | http://dell.com | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/22.html | Trust: 0.1 |
| url: | https://github.com/und3sc0n0c1d0/afr-in-omsa | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
hantwister
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-92823 |
| db: | VULMON | id: | CVE-2016-4004 |
| db: | BID | id: | 86312 |
| db: | JVNDB | id: | JVNDB-2016-002121 |
| db: | CNNVD | id: | CNNVD-201604-215 |
| db: | NVD | id: | CVE-2016-4004 |
LAST UPDATE DATE
2024-11-23T21:54:38.343000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-92823 | date: | 2016-12-03T00:00:00 |
| db: | VULMON | id: | CVE-2016-4004 | date: | 2016-12-03T00:00:00 |
| db: | BID | id: | 86312 | date: | 2016-02-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-002121 | date: | 2016-04-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201604-215 | date: | 2016-04-13T00:00:00 |
| db: | NVD | id: | CVE-2016-4004 | date: | 2024-11-21T02:51:08.810 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-92823 | date: | 2016-04-12T00:00:00 |
| db: | VULMON | id: | CVE-2016-4004 | date: | 2016-04-12T00:00:00 |
| db: | BID | id: | 86312 | date: | 2016-02-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-002121 | date: | 2016-04-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201604-215 | date: | 2016-04-13T00:00:00 |
| db: | NVD | id: | CVE-2016-4004 | date: | 2016-04-12T17:59:06.937 |