CVE-2024-25944

MEDIUM

Dell Openmanage Enterprise < 4.0.1 - Path Traversal

Title source: rule

Description

Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application.

References (1)

[Vendor Advisory] https://www.dell.com/support/kbdoc/en-us/000223623/dsa-2024-100-security-update-for-dell-openmanage-enterprise-path-traversal-sensitive-data-disclosure-vulnerability

Scores

CVSS v3 5.7

EPSS 0.0040

EPSS Percentile 60.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22 CWE-23

Status published

Products (1)

dell/openmanage_enterprise < 4.0.1

Published Mar 29, 2024

Tracked Since Feb 18, 2026