Vulnerability Details CVE-2019-3751
Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.3%
CVSS Severity
CVSS v3 Score 6.4
CVSS v2 Score 5.8
References
- https://www.dell.com/support/security/en-us/details/536848/DSA-2019-118-Dell-EMC-Enterprise-Copy-Data-Management-eCDM-Improper-Certificate-Validation-Vuln
- https://www.dell.com/support/security/en-us/details/536848/DSA-2019-118-Dell-EMC-Enterprise-Copy-Data-Management-eCDM-Improper-Certificate-Validation-Vuln
Products affected by CVE-2019-3751
-
cpe:2.3:a:dell:emc_enterprise_copy_data_management:1.0
-
cpe:2.3:a:dell:emc_enterprise_copy_data_management:1.1
-
cpe:2.3:a:dell:emc_enterprise_copy_data_management:2.0
-
cpe:2.3:a:dell:emc_enterprise_copy_data_management:2.1
-
cpe:2.3:a:dell:emc_enterprise_copy_data_management:3.0