CVE-2020-5327: 
Dell Security Management Server vulnerability analysis and mitigation

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability identified as CVE-2020-5327. The vulnerability was disclosed on March 6, 2020. This security issue affects Dell Security Management Server installations where the server is exposed to the internet and Windows Firewall is disabled (NVD).

The vulnerability is classified as a Java RMI Deserialization of Untrusted Data (CWE-502) issue. It received a CVSS v3.1 Base Score of 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) from NIST NVD, while Dell assigned it a score of 8.1 HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). The CVSS v2.0 Base Score is 9.3 HIGH (AV:N/AC:M/Au:N/C:C/I:C/A:C) (NVD).

When exploited, this vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target host by sending a crafted RMI request. The impact is particularly severe as it can lead to complete system compromise with high confidentiality, integrity, and availability impacts (NVD).

Dell has released version 10.2.10 of the Security Management Server to address this vulnerability. Users are advised to upgrade to this version or later to mitigate the risk (Dell Advisory).