OpenManage Enterprise
by Dell
CVEs (18)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-21564 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2021 | Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. | ||
| CVE-2021-21596 | Cri | 0.62 | 9.6 | 0.01 | Aug 9, 2021 | Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability… | ||
| CVE-2022-26857 | Cri | 0.59 | 9.0 | 0.01 | May 26, 2022 | Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions. | ||
| CVE-2021-21585 | Cri | 0.59 | 9.1 | 0.02 | Aug 9, 2021 | Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands. | ||
| CVE-2020-5322 | Cri | 0.59 | 9.1 | 0.02 | Jul 19, 2021 | Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system. | ||
| CVE-2020-5320 | Cri | 0.59 | 9.0 | 0.01 | Jul 19, 2021 | Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to… | ||
| CVE-2021-21530 | Hig | 0.54 | 8.3 | 0.01 | Apr 30, 2021 | Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive… | ||
| CVE-2024-45766 | Hig | 0.52 | 8.0 | 0.01 | Oct 17, 2024 | Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | ||
| CVE-2020-5370 | Hig | 0.51 | 7.9 | 0.01 | Jul 22, 2021 | Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences… | ||
| CVE-2021-21584 | Hig | 0.50 | 7.7 | 0.01 | Aug 9, 2021 | Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials. | ||
| CVE-2020-5321 | Hig | 0.49 | 7.6 | 0.01 | Jul 19, 2021 | Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this… | ||
| CVE-2024-28961 | Med | 0.41 | 6.3 | 0.00 | Apr 29, 2024 | Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This… | ||
| CVE-2024-25944 | Med | 0.37 | 5.7 | 0.01 | Mar 29, 2024 | Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running… | ||
| CVE-2020-5323 | Med | 0.35 | 5.4 | 0.01 | Jul 19, 2021 | Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to gain… | ||
| CVE-2024-28978 | Med | 0.34 | 5.2 | 0.00 | May 1, 2024 | Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources. | ||
| CVE-2024-28979 | Med | 0.33 | 5.1 | 0.00 | May 1, 2024 | Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script… | ||
| CVE-2024-45767 | Med | 0.28 | 4.3 | 0.00 | Oct 17, 2024 | Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to… | ||
| CVE-2025-38745 | 0.00 | — | 0.00 | Aug 14, 2025 | Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information… |
- risk 0.64cvss 9.8epss 0.02
Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data.
- risk 0.62cvss 9.6epss 0.01
Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability…
- risk 0.59cvss 9.0epss 0.01
Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.
- risk 0.59cvss 9.1epss 0.02
Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands.
- risk 0.59cvss 9.1epss 0.02
Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system.
- risk 0.59cvss 9.0epss 0.01
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to…
- risk 0.54cvss 8.3epss 0.01
Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive…
- risk 0.52cvss 8.0epss 0.01
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
- risk 0.51cvss 7.9epss 0.01
Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences…
- risk 0.50cvss 7.7epss 0.01
Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials.
- risk 0.49cvss 7.6epss 0.01
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this…
- risk 0.41cvss 6.3epss 0.00
Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This…
- risk 0.37cvss 5.7epss 0.01
Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running…
- risk 0.35cvss 5.4epss 0.01
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to gain…
- risk 0.34cvss 5.2epss 0.00
Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources.
- risk 0.33cvss 5.1epss 0.00
Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script…
- risk 0.28cvss 4.3epss 0.00
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to…
- CVE-2025-38745Aug 14, 2025risk 0.00cvss —epss 0.00
Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information…