← Back

CVE-2019-3762

nvd nist
Published: Mar 18, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.

Affected (10)

Dell
2 products
Emc Data Protection Central
Emc Integrated Data Protection Appliance
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Dell
Emc Data Protection Central
Version 1.0.1
Emc Data Protection Central
Version 1.0
Emc Data Protection Central
Version 18.1
Emc Data Protection Central
Version 18.2
Emc Data Protection Central
Version 19.1
Dell
Emc Integrated Data Protection Appliance
Version 2.0
Emc Integrated Data Protection Appliance
Version 2.1
Emc Integrated Data Protection Appliance
Version 2.2
Emc Integrated Data Protection Appliance
Version 2.3
Emc Integrated Data Protection Appliance
Version 2.4

Related CWEs

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CWE-296
Improper Following of a Certificate's Chain of Trust
The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate.

References (2)

Source: security_alert@emc.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.