Dell Open Manage Server Administrator- (OMSA) Patch for CVE-2024-50379/CVE-2024-56337

Hi,

Support for OMSA is currently in sustenance mode. I have searched for any documentation regarding future release updates, but there are no tentative updates available. Additionally, there are no reports on the security vulnerability you mentioned at this time (https://dell.to/4gUrvGD).

I recommend raising a support case to have an engineer review OMSA for a potential patch if necessary.

I confirm this issue. Apache Tomcat (9.0.97) bundled with the latest OMSA 11.1.0.0, A01 falls into the CVE vulnerability scope, it needs to be updated to 9.0.98 at the minimum for remediation. Please make the fix available for all your customers.

Same here:

I confirm this issue. Apache Tomcat (9.0.97) bundled with the latest OMSA 11.1.0.0, A01 falls into the CVE vulnerability scope, it needs to be updated to 9.0.98 at the minimum for remediation. Please make the fix available for all your customers.

@DELL-Joey C​ 

Any update on this, its definitely a legit high CVE score on a supported Dell product

Hi,

Unfortunately, I am not able to check on the case if there is any open after my post comment to request for a call to technical support to raise a case. I also checked https://www.dell.com/support/security/en-us?dgc=sm&cid=1595898&lid=spr15833748735&refid=sm_COMMUNITY_spr15833748735&linkId=714935074 for any advisory logged, but I don't think it is listed. Due to that OMSA is in sustenance mode by engineering, I would suggest to contact support to create a case and raise to OMSA engineering for a patch.