CVE-2020-5327

Published: Mar 6, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.

Affected (1)

Products: Dell: Security Management Server

1 product

Security Management Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Security Management Server	Before 10.2.10

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://www.dell.com/support/article/SLN320536

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/article/SLN320536

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.