XML External Entity (XXE) Injection Vulnerability in Dell EMC OpenManage Server Administrator (OMSA)

XML External Entity (XXE) Injection Vulnerability in Dell EMC OpenManage Server Administrator (OMSA)

CVE-2019-3722 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.

Learn more about our Cis Benchmark Audit For Server Software.