CVE-2016-4004

MEDIUM

Dell OMSA 8.2 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.

Exploits (2)

exploitdb WORKING POC VERIFIED

by hantwister · textwebappswindows

https://www.exploit-db.com/exploits/39486

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by und3sc0n0c1d0 · poc

https://github.com/und3sc0n0c1d0/AFR-in-OMSA

View Code ZIP pw:eip

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1035564

Exploit exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39486/

Scores

CVSS v3 4.9

EPSS 0.1217

EPSS Percentile 93.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

dell/openmanage_server_administrator 8.2

Published Apr 12, 2016

Tracked Since Feb 18, 2026