ID CVE-2024-25944
Summary Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-23
CAPEC
  • Manipulating Web Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 29-03-2024 - 17:15
Published 29-03-2024 - 17:15
Last modified 29-03-2024 - 17:15
Back to Top