Article Number: 000129176
High
CVE-2020-5327
Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.
8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-5327
Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.
8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products:
Dell Security Management Server prior to 10.2.10
Resolution:
The following Dell Encryption releases contains a resolution to this vulnerability:
Dell Security Management Server version 10.2.10 or later
Dell recommends installing the latest version of Dell Encryption software to receive the latest security updates to the product.
Browse to the Dell Encryption Software download page for the latest version.
Affected products:
Dell Security Management Server prior to 10.2.10
Resolution:
The following Dell Encryption releases contains a resolution to this vulnerability:
Dell Security Management Server version 10.2.10 or later
Dell recommends installing the latest version of Dell Encryption software to receive the latest security updates to the product.
Browse to the Dell Encryption Software download page for the latest version.
Dell would like to thank An Trinh for reporting this issue.
Servers, Product Security Information
10 Nov 2021
5
Dell Security Advisory