N/A

Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar file to inject malicious RPMs which may cause a denial of service or perform unauthorized actions.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

对路径名的限制不恰当(路径遍历)

DELL EMC OpenManage Enterprise 路径遍历漏洞

DELL EMC OpenManage Enterprise是美国戴尔（DELL）公司的一个直观的基础架构管理控制台。OpenManage Enterprise 是系统管理和监视应用程序，提供了企业网络上 Dell EMC 服务器、机箱、存储设备和网络交换机的全面视图。 Dell EMC OpenManage Enterprise存在路径遍历漏洞，该漏洞源于具有高权限的远程经过身份验证的恶意用户可能会利用此漏洞，通过目录遍历序列，使用精心制作的tar文件来注入恶意rpm，从而可能导致拒绝服务或执行未经授权

N/A

N/A