CVE-2024-45761

MEDIUM

Dell OpenManage Server Administrator < 11.1.0.0 - Remote Code Execution via Web Plugin Injection

Title source: llm

Description

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000258320/dsa-2024-481-security-update-for-dell-openmanage-server-administrator-omsa-vulnerability

Scores

CVSS v3 5.4

EPSS 0.0019

EPSS Percentile 40.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (1)

dell/openmanage_server_administrator < 11.1.0.0

Published Dec 09, 2024

Tracked Since Feb 18, 2026