Dell Technologies has issued a critical security advisory for its OpenManage Server Administrator (OMSA) software. The advisory addresses a high-severity vulnerability (CVE-2024-52316) in Apache Tomcat that could allow malicious actors to bypass authentication and gain unauthorized access to affected systems.
The vulnerability stems from an unchecked error condition in Apache Tomcat’s Jakarta Authentication (formerly JASPIC) ServerAuthContext component. If an exception occurs during the authentication process without explicitly setting an HTTP failure status, the authentication process may not fail as expected. This flaw allows unauthorized users to bypass authentication and compromise systems relying on this setup.
Affected versions of Apache Tomcat include:
- 11.0.0-M1 to 11.0.0-M26
- 10.1.0-M1 to 10.1.30
- 9.0.0-M1 to 9.0.95
While no Jakarta Authentication components are currently known to exhibit this behavior, the potential impact remains significant, especially for enterprise environments that rely on OMSA for system management.
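To make the failure mode concrete from a defender's perspective, the following is an added example of a Jakarta Authentication ServerAuthModule written to fail closed: it is not code from Dell, Apache Tomcat, or the advisory. The point it shows is the one the advisory describes: an authentication module should set an explicit HTTP failure status (and return or throw a failure) whenever an unexpected exception occurs, rather than letting the exception propagate with the response still at its default 200 status. The `lookupUser` helper and the `Authorization` header handling are constructed placeholders for whatever real credential check a deployment uses; the module targets the `jakarta.*` (Jakarta Authentication 2.0/3.0) API used by the Tomcat 10.1 and 11 lines, and uses a raw `Map` in `initialize` so it compiles against either version.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import jakarta.security.auth.message.AuthException;
import jakarta.security.auth.message.AuthStatus;
import jakarta.security.auth.message.MessageInfo;
import jakarta.security.auth.message.MessagePolicy;
import jakarta.security.auth.message.callback.CallerPrincipalCallback;
import jakarta.security.auth.message.module.ServerAuthModule;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/**
 * Illustrative fail-closed ServerAuthModule (added example, not project code).
 * Any exception during validation results in an explicit HTTP failure status
 * being set on the response BEFORE the exception leaves validateRequest().
 */
public class FailClosedAuthModule implements ServerAuthModule {

    private CallbackHandler handler;

    @Override
    @SuppressWarnings({"rawtypes", "unchecked"})
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
                           CallbackHandler handler, Map options) throws AuthException {
        this.handler = handler;
    }

    @Override
    public Class<?>[] getSupportedMessageTypes() {
        return new Class<?>[] { HttpServletRequest.class, HttpServletResponse.class };
    }

    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
                                      Subject serviceSubject) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        try {
            // Hypothetical credential check; a real module would verify a token,
            // certificate, or session here.
            String user = lookupUser(request.getHeader("Authorization"));
            if (user == null) {
                // Ordinary rejection: explicit failure status plus SEND_FAILURE.
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return AuthStatus.SEND_FAILURE;
            }
            handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, user) });
            return AuthStatus.SUCCESS;
        } catch (Exception e) {
            // Unexpected error path: never leave the response at its default
            // status. Set a failure code first, then surface the error as an
            // AuthException so the container cannot treat the request as
            // authenticated.
            if (!response.isCommitted()) {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            }
            AuthException failure = new AuthException("authentication error: " + e.getClass().getName());
            failure.initCause(e);
            throw failure;
        }
    }

    @Override
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject)
            throws AuthException {
        return AuthStatus.SEND_SUCCESS;
    }

    @Override
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
        if (subject != null) {
            subject.getPrincipals().clear();
        }
    }

    // Constructed placeholder: returns a user name for a recognised credential,
    // null when the credential is absent or not recognised, and throws on any
    // backend failure (the case the advisory's flaw concerns).
    private String lookupUser(String authorizationHeader) throws Exception {
        if (authorizationHeader == null || authorizationHeader.isBlank()) {
            return null;
        }
        throw new IllegalStateException("credential backend unavailable (placeholder)");
    }
}
```

The design choice worth noting is in the `catch` block: the module does not rely on the container to translate a propagated exception into a denial. Setting the failure status itself means that even a container with the unchecked error condition described above has no 200-status response to mistake for success. When patching to a fixed Tomcat is delayed, reviewing any custom ServerAuthModule for this pattern is a reasonable compensating check.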
Dell has confirmed that the following OMSA configurations are vulnerable if Apache Tomcat versions prior to 11.1.0.0 are in use:
- OMSA Managed Node for Windows
- OMSA Managed Node for Linux Consolidated
- OMSA Managed Node for RHEL (8.x and 9.x)
- OMSA Managed Node for SLES 15
- OMSA Managed Node for Ubuntu 20.04
- Dell Systems Management Tools and Documentation DVD ISO
The vulnerability has been assigned a CVSS score of 9.8, categorizing it as critical due to its ease of exploitation and the potential for severe impact on system security.
Dell advises customers to update to Apache Tomcat version 11.1.0.0 or later to mitigate this vulnerability. The updated versions are available for download on Dell’s official support page:
- OMSA Managed Node for Windows
- OMSA Managed Node for Linux Consolidated
- OMSA Managed Node for RHEL 8.x
- OMSA Managed Node for RHEL 9.x
- OMSA Managed Node for SLES 15
- OMSA Managed Node for Ubuntu 20.04
- Dell Systems Management Tools and Documentation DVD ISO