CVE-2019-3746
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | Integrated Data Protection Appliance | prior to 2.3 | affected |
Weaknesses
- CWE-307: CWE-307: Improper Restriction of Excessive Authentication Attempts
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.