Lucene search

DellCVELIST:CVE-2022-26857

HistoryMay 26, 2022 - 3:20 p.m.

CVE-2022-26857

2022-05-2615:20:23

CWE-285

dell

www.cve.org

dell openmanage

authorization

vulnerability

remote user

unauthorized actions

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

66.2%

JSON

Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.

CNA Affected

[
  {
    "product": "OpenManage Enterprise",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "3.8.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000197800/dsa-2022-077

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

66.2%

JSON

Related for CVELIST:CVE-2022-26857