CVE-2019-3751

Published: Sep 3, 2019Modified: Nov 21, 2024

7.4

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.

Affected (5)

Products: Dell: Emc Enterprise Copy Data Management

Dell

1 product

Emc Enterprise Copy Data Management

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Enterprise Copy Data Management	Version 1.0
Dell Emc Enterprise Copy Data Management	Version 1.1
Dell Emc Enterprise Copy Data Management	Version 2.0
Dell Emc Enterprise Copy Data Management	Version 2.1
Dell Emc Enterprise Copy Data Management	Version 3.0

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (2)

https://www.dell.com/support/security/en-us/details/536848/DSA-2019-118-Dell-EMC-Enterprise-Copy-Data-Management-eCDM-Improper-Certificate-Validation-Vuln

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/security/en-us/details/536848/DSA-2019-118-Dell-EMC-Enterprise-Copy-Data-Management-eCDM-Improper-Certificate-Validation-Vuln

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.