CVE-2019-3722

Summary

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.

Affected Software

VendorProductVersion RangeStatus
Dell EMCOpenManage Server Administrator9.1.0.3 < 9.1.0.3affected
Dell EMCOpenManage Server Administrator9.3.0.4 < 9.3.0.4affected

Weaknesses

  • XML External Entity (XXE) Injection Vulnerability

ADP Enrichment

CVE Program Container

Additional References

References