Vigil@nce - Dell OpenManage Server Administrator: directory traversal
April 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can traverse directories of Dell
OpenManage Server Administrator, in order to read a file outside
the service root path.
Impacted products: OpenManage.
Severity: 1/4.
Creation date: 13/04/2016.
DESCRIPTION OF THE VULNERABILITY
The Dell OpenManage Server Administrator product offers a web
service.
However, user-supplied data is inserted directly into an access
path. Sequences such as "/.." can thus be used to move up to the
parent directory.
An authenticated attacker can therefore traverse directories of
Dell OpenManage Server Administrator, in order to read a file
outside the service root path.
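The containment check that prevents this class of flaw, as an added example (not code from the bulletin or from Dell): the requested name is decoded, resolved, and rejected if the real path falls outside the service root. The function names, the sample directory tree and the request values are constructed for illustration, and a POSIX filesystem is assumed.

```python
import os
import tempfile
from urllib.parse import unquote


class PathEscapeError(ValueError):
    """Raised when a requested name resolves outside the service root."""


def resolve_under_root(root: str, user_value: str) -> str:
    """Return the real path for user_value, or raise if it leaves root."""
    # Decode once, as the web layer would, so "%2e%2e" is seen as "..".
    decoded = unquote(user_value)
    if "\x00" in decoded:
        raise PathEscapeError("NUL byte in path")
    # Treat backslashes as separators so "..\" is handled like "../".
    decoded = decoded.replace("\\", "/")
    root_real = os.path.realpath(root)
    # lstrip("/") stops os.path.join from discarding root on absolute input.
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    # realpath collapses ".." and follows symlinks; compare whole components,
    # not string prefixes, so "/srv/webroot-old" never matches "/srv/webroot".
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PathEscapeError("path leaves service root")
    return candidate


def demo() -> dict:
    """Build a constructed sample tree and return a verdict per request value."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "webroot")
    os.makedirs(os.path.join(root, "reports"))
    open(os.path.join(root, "reports", "a.txt"), "w").close()
    open(os.path.join(base, "secret.txt"), "w").close()  # lives outside root
    os.symlink(base, os.path.join(root, "link"))  # symlink leading out of root
    samples = ["reports/a.txt", "reports/../../secret.txt",
               "reports/%2e%2e/%2e%2e/secret.txt", "..\\secret.txt",
               "link/secret.txt"]
    verdicts = {}
    for value in samples:
        try:
            resolve_under_root(root, value)
            verdicts[value] = "allowed"
        except PathEscapeError:
            verdicts[value] = "blocked"
    return verdicts
```

Only the first constructed request is allowed; the others resolve to a file above the root, directly or through the symlink, and are blocked.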
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Dell-OpenManage-Server-Administrator-directory-traversal-19363