Release Notes
Security Update for DellEMC OpenManage Server Administrator Vulnerable to the CVE-2016-4004 — Technical Note
The following sections provide a detailed description of the DellEMC OpenManage Server Administrator technical note.
Topics:
• Applies To
• Summary
• Important Note
• Additional Resources
Applies To
DellEMC OpenManage Server Administrator (OMSA) versions up to 8.4.
Summary
This technical note provides information about the affected DellEMC OpenManage Server Administrator product version, mitigation
details, and links to resources for additional information.
According to the vulnerability notes databases, DellEMC OpenManage Server Administrator allows remote authenticated administrators
to read arbitrary files. However, this scenario is not applicable to non-authenticated users.
DellEMC OpenManage Server Administrator is not technically affected by this vulnerability for the following reasons:
• The vulnerability applies to authenticated administrators searching for any weak areas that could be exploited by malicious hackers.
• By default, members of the local Power User Group do not have full remote access to all files on the boot drive mounted as a share.
• It has not been possible for a non-authenticated user to exploit this vulnerability.
Important Note
The DellEMC OpenManage Server Administrator product team is proactively working on a patch/release to improve system security
and to minimize or eliminate any potential attacks.
Additional Resources
For more details and the latest information on mitigations, see the following:
National Vulnerability Database: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4004