CVE-2019-18580Deserialization of Untrusted Data in Dell EMC Storage M R

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
11.8%
top 6.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell EMC Storage M RDell EMC Storage Monitoring AND Reporting
Timeline
PublishedNov 26
Latest updateMay 24

Description

Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

CVEListV5dell/emc_storage_m_rDell EMC SMR Version 4.3.1

🔴Vulnerability Details

2
GHSA
GHSA-32f2-chgf-rf94: Dell EMC Storage Monitoring and Reporting version 42022-05-24
CVEList
CVE-2019-18580: Dell EMC Storage Monitoring and Reporting version 42019-11-26
CVE-2019-18580 — Deserialization of Untrusted Data | cvebase