vendor: OpenManage Server Administrator
by: hantwister
CVSS: 7.5 HIGH
Authenticated Directory Traversal
CWE: 22
Product Name: OpenManage Server Administrator
Affected Version From: 8.2
Affected Version To: 8.2
Patch Exists: YES
Related CWE:
CPE: a:dell:openmanage_server_administrator:8.2
Platforms Tested: Windows 7 x64
2016
Dell OpenManage Server Administrator 8.2 Authenticated Directory Traversal
When authenticated as an admin, an attacker can manipulate the URL to access arbitrary files on the server. By substituting the target IP, desired file path, and session-specific vid parameter, the attacker can bypass security controls and view sensitive files.
Mitigation:
Apply the latest patches and updates from the vendor.