Lucene search

DellCVELIST:CVE-2020-5320

HistoryJul 19, 2021 - 9:30 p.m.

CVE-2020-5320

2021-07-1921:30:32

CWE-89

dell

www.cve.org

dell emc

openmanage

sql injection

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

44.5%

JSON

Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions.

CNA Affected

[
  {
    "product": "Dell OpenManage Enterprise",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "3.20",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000176929/dsa-2020-023-dell-emc-openmanage-enterprise-enterprise-modular-multiple-vulnerabilities

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

44.5%

JSON

Related for CVELIST:CVE-2020-5320