CVE-2016-4004

MEDIUM

Dell OpenManage Server Administrator 8.2 - Authenticated Path Traversal via ViewFile File Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-4004. PoCs published by hantwister, und3sc0n0c1d0.

AI-analyzed exploit summary: This exploit demonstrates an authenticated directory traversal vulnerability in Dell OpenManage Server Administrator 8.2. By manipulating the URL parameters, an attacker can read arbitrary files on the target system.

Description

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.

Exploits (2)

exploitdb WORKING POC VERIFIED
by hantwister · text · webapps · windows
https://www.exploit-db.com/exploits/39486

This exploit demonstrates an authenticated directory traversal vulnerability in Dell OpenManage Server Administrator 8.2. By manipulating the URL parameters, an attacker can read arbitrary files on the target system.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Dell OpenManage Server Administrator 8.2
Auth required
Prerequisites: Authenticated session as an admin · Access to the target's IP and port 1311
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 2 stars
by und3sc0n0c1d0 · poc
https://github.com/und3sc0n0c1d0/AFR-in-OMSA

This repository contains a functional Python script that exploits arbitrary file read vulnerabilities in Dell OpenManage Server Administrator (OMSA) by leveraging authentication bypass and path traversal techniques. The script tests for multiple CVEs (CVE-2016-4004, CVE-2020-5377, CVE-2021-21514) and retrieves file contents from the target system.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Dell OpenManage Server Administrator (OMSA)
Auth required
Prerequisites: Network access to target OMSA instance · Valid credentials for authentication
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035564
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39486/

Scores

CVSS v3 4.9
EPSS 0.0895
EPSS Percentile 94.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-22
Status published
Products (1)
dell/openmanage_server_administrator 8.2
Published Apr 12, 2016
Tracked Since Feb 18, 2026