B4Gpipe

Name of the Vulnerable Software and Affected Versions: Dell OpenManage Enterprise versions OME 4.1 and prior Description: The issue is related to improper control of code generation, which could allow a remote attacker with low privileges to execute arbitrary code. This is a code injection vulnerability that can be exploited remotely. Recommendations: For versions OME 4.1 and prior, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Dell OpenManage Enterprise versions OME 4.1 and prior Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This could allow a low-privileged attacker with remote access to potentially exploit the vulnerability, leading to information disclosure. Recommendations: For Dell OpenManage Enterprise versions OME 4.1 and prior, consider restricting access to the SQL command functionality until a patch is available. As a temporary workaround, avoid using user-input data in SQL commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell AppSync Server versions 4.3 through 4.6 **Description** The issue is related to an XML External Entity Injection, which could be exploited by an adjacent high privileged attacker, potentially leading to information disclosure. **Recommendations** For versions 4.3 through 4.6, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.