CVE-2019-18580

Name of the Vulnerable Software and Affected Versions Dell EMC Storage Monitoring and Reporting version 4.3.1

Description The issue allows a remote unauthenticated attacker to potentially execute arbitrary code on the target host by sending a crafted Java RMI request. This is due to a Java RMI Deserialization of Untrusted Data vulnerability.

Recommendations For version 4.3.1, consider restricting access to the Java RMI service to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the Java RMI service may help prevent remote code execution attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.