DSA-2020-037: Dell Security Management Server Deserialization of Untrusted Data Vulnerability

Summary: Dell Security Management Server requires an update to address a deserialization of untrusted data vulnerability.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

High

Details

  • Deserialization of Untrusted Data Vulnerability

CVE-2020-5327

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.

8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

  • Deserialization of Untrusted Data Vulnerability

CVE-2020-5327

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.

8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Affected products:

Dell Security Management Server prior to 10.2.10

 

Resolution:

The following Dell Encryption releases contains a resolution to this vulnerability:

Dell Security Management Server version 10.2.10 or later

Dell recommends installing the latest version of Dell Encryption software to receive the latest security updates to the product.

Browse to the Dell Encryption Software download page for the latest version.


 

Affected products:

Dell Security Management Server prior to 10.2.10

 

Resolution:

The following Dell Encryption releases contains a resolution to this vulnerability:

Dell Security Management Server version 10.2.10 or later

Dell recommends installing the latest version of Dell Encryption software to receive the latest security updates to the product.

Browse to the Dell Encryption Software download page for the latest version.


 

Acknowledgements

Dell would like to thank An Trinh for reporting this issue.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Servers, Product Security Information
Article Properties
Article Number: 000129176
Article Type: Dell Security Advisory
Last Modified: 18 Aug 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.