CVE-2024-25944

MEDIUM

Dell OpenManage Enterprise < 4.0.1 - Unauthenticated Path Traversal

Title source: llm

Description

Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000223623/dsa-2024-100-security-update-for-dell-openmanage-enterprise-path-traversal-sensitive-data-disclosure-vulnerability

Scores

CVSS v3 5.7

EPSS 0.0076

EPSS Percentile 50.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22 CWE-23

Status published

Products (1)

dell/openmanage_enterprise < 4.0.1

Published Mar 29, 2024

Tracked Since Feb 18, 2026