CVE-2019-18580

CRITICAL

Dell EMC Storage Monitoring and Reporting <4.3.1 - Deserialization

Title source: llm

Description

Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.

References (1)

[Vendor Advisory] https://www.dell.com/support/security/en-us/details/538977/DSA-2019-176-Dell-EMC-Storage-Monitoring-and-Reporting-SMR-Java-RMI-Deserialization-of-Untruste

Scores

CVSS v3 10.0

EPSS 0.1184

EPSS Percentile 93.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

dell/emc_storage_monitoring_and_reporting

Timeline

Published Nov 26, 2019

Tracked Since Feb 18, 2026