PT-2021-12400 · Dell Emc · Dell Openmanage Enterprise

Published 2021-07-22 · Updated 2021-08-02 · CVE-2020-5370

CVSS v3.1: 7.9 High

Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Dell EMC OpenManage Enterprise (OME) versions prior to 3.4

Description

The issue allows a remote authenticated malicious user with high privileges to potentially exploit an arbitrary file overwrite vulnerability. This can be achieved via directory traversal sequences using a crafted tar file to inject malicious RPMs, which may cause a denial of service or perform unauthorized actions.

Recommendations

For versions prior to 3.4, update to version 3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the directory traversal sequences and crafted tar files to minimize the risk of exploitation. Additionally, monitor system logs for suspicious activity and unauthorized actions.
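
A generic pre-extraction check for the class of bug described above (tar entries whose paths resolve outside the extraction directory), given here as an added example. It is not Dell's code or the vendor fix; the function names, the staging path and the sample archive contents are constructed for illustration.

```python
import io
import os
import tarfile

def audit_tar(fileobj, dest):
    """Return [(member_name, reason)] for entries that would write outside dest."""
    root = os.path.realpath(dest)
    findings = []

    def escapes(path):
        # An absolute path replaces root in join(); ".." is collapsed by realpath().
        full = os.path.realpath(os.path.join(root, path))
        return os.path.commonpath([root, full]) != root

    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            if os.path.isabs(m.name) or escapes(m.name):
                findings.append((m.name, "path escapes destination"))
            elif m.issym() and escapes(os.path.join(os.path.dirname(m.name), m.linkname)):
                findings.append((m.name, "symlink target escapes destination"))
            elif m.islnk() and escapes(m.linkname):
                findings.append((m.name, "hardlink target escapes destination"))
            elif not (m.isfile() or m.isdir() or m.issym() or m.islnk()):
                findings.append((m.name, "special file (device/FIFO)"))
    return findings

def build_sample():
    """Constructed archive: one benign entry, one traversal entry, one escaping symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("packages/ok.rpm", "../../outside/injected.rpm"):
            info = tarfile.TarInfo(name)
            info.size = 4
            tar.addfile(info, io.BytesIO(b"data"))
        link = tarfile.TarInfo("packages/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside"
        tar.addfile(link)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # The staging path is a placeholder; nothing is extracted or written.
    for name, reason in audit_tar(build_sample(), "/srv/ome-constructed/staging"):
        print(f"REJECT {name}: {reason}")
```

An archive should be rejected as a whole when the returned list is non-empty, rather than extracted with the flagged entries skipped.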

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2020-5370

Affected Products

Dell Openmanage Enterprise