PT-2021-12393 · Dell Emc · Dell Emc Openmanage Enterprise-Modular+1

Published

2021-07-19

Updated

2022-07-15

CVE-2020-5323

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00

Description The issue concerns an injection vulnerability that could be exploited by a remote authenticated malicious user with low privileges to gain access to sensitive information or cause denial-of-service.

Recommendations For Dell EMC OpenManage Enterprise (OME) versions prior to 3.2, update to version 3.2 or later. For Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00, update to version 1.10.00 or later.

Fix

XXE

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611CWE-74

Related Identifiers

CVE-2020-5323

Affected Products

Dell Openmanage Enterprise

Dell Emc Openmanage Enterprise-Modular

PT-2021-12393 · Dell Emc · Dell Emc Openmanage Enterprise-Modular+1

CVE-2020-5323

Weakness Enumeration

Related Identifiers

Affected Products

References · 5