Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

DSA-2020-037: Dell Security Management Server Deserialization of Untrusted Data Vulnerability

Summary: Dell Security Management Server requires an update to address a deserialization of untrusted data vulnerability.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Impact

High

Details

  • Deserialization of Untrusted Data Vulnerability

CVE-2020-5327

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.

8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

  • Deserialization of Untrusted Data Vulnerability

CVE-2020-5327

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.

8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Affected products:

Dell Security Management Server prior to 10.2.10

 

Resolution:

The following Dell Encryption releases contains a resolution to this vulnerability:

Dell Security Management Server version 10.2.10 or later

Dell recommends installing the latest version of Dell Encryption software to receive the latest security updates to the product.

Browse to the Dell Encryption Software download page for the latest version.


 

Affected products:

Dell Security Management Server prior to 10.2.10

 

Resolution:

The following Dell Encryption releases contains a resolution to this vulnerability:

Dell Security Management Server version 10.2.10 or later

Dell recommends installing the latest version of Dell Encryption software to receive the latest security updates to the product.

Browse to the Dell Encryption Software download page for the latest version.


 

Acknowledgements

Dell would like to thank An Trinh for reporting this issue.

Related Information

Affected Products

Servers, Product Security Information
Article Properties
Article Number: 000129176
Article Type: Dell Security Advisory
Last Modified: 10 Nov 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.