DSA-2024-481: Security Update for Dell OpenManage Server Administrator (OMSA) Vulnerabilities
Summary: Dell OpenManage Server Administrator (OMSA) remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Medium
Details
| Proprietary Code CVE |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2024-45760 |
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges. |
4.3 |
|
| CVE-2024-45761 |
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service. |
5.4 |
| Proprietary Code CVE |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2024-45760 |
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges. |
4.3 |
|
| CVE-2024-45761 |
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service. |
5.4 |
Affected Products & Remediation
| Product |
Affected Versions |
Remediated Versions |
Link |
| Dell OpenManage Server Administrator Managed Node for Windows |
Version 11.0.1.0 and prior |
11.1.0.0 |
https://www.dell.com/support/home/drivers/driversdetails?driverId=82C83 |
| Dell OpenManage Server Administrator Managed Node (Linux Consolidated) |
Version 11.0.1.0 and prior |
11.1.0.0 |
https://www.dell.com/support/home/drivers/driversdetails?driverId=30R6G |
| Dell Systems Management Tools and Documentation DVD ISO |
Version 11.0.1.0 and prior |
11.1.0.0 |
https://www.dell.com/support/home/drivers/driversdetails?driverId=PW8WM |
| Product |
Affected Versions |
Remediated Versions |
Link |
| Dell OpenManage Server Administrator Managed Node for Windows |
Version 11.0.1.0 and prior |
11.1.0.0 |
https://www.dell.com/support/home/drivers/driversdetails?driverId=82C83 |
| Dell OpenManage Server Administrator Managed Node (Linux Consolidated) |
Version 11.0.1.0 and prior |
11.1.0.0 |
https://www.dell.com/support/home/drivers/driversdetails?driverId=30R6G |
| Dell Systems Management Tools and Documentation DVD ISO |
Version 11.0.1.0 and prior |
11.1.0.0 |
https://www.dell.com/support/home/drivers/driversdetails?driverId=PW8WM |
Revision History
|
Revision |
Date |
Description |
|
1.0 |
2024-12-09 |
Initial Release |
Related Information
Legal Disclaimer
Affected Products
OpenManage Server AdministratorArticle Properties
Article Number: 000258320
Article Type: Dell Security Advisory
Last Modified: 09 Dec 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.