cvelist/2019/3xxx/CVE-2019-3746.json

{
    "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "DATE_PUBLIC": "2019-08-08",
        "ID": "CVE-2019-3746",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Dell",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Integrated Data Protection Appliance",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "prior to 2.3"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system."
            }
        ]
    },
    "impact": {
        "cvss": {
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-307: Improper Restriction of Excessive Authentication Attempts"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "CONFIRM",
                "name": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities",
                "url": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities"
            }
        ]
    }
}
- Synchronized data. 2019-01-03 14:05:09 -05:00			`{`
"-Synchronized-Data." 2019-03-18 05:45:08 +00:00			`"CVE_data_meta": {`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`"ASSIGNER": "secure@dell.com",`
			`"DATE_PUBLIC": "2019-08-08",`
			`"ID": "CVE-2019-3746",`
Added CVE-2019-3736,46,47,66 2019-09-27 13:53:03 -04:00			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`},`
Added CVE-2019-3736,46,47,66 2019-09-27 13:53:03 -04:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`"vendor_name": "Dell",`
Added CVE-2019-3736,46,47,66 2019-09-27 13:53:03 -04:00			`"product": {`
			`"product_data": [`
			`{`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`"product_name": "Integrated Data Protection Appliance",`
Added CVE-2019-3736,46,47,66 2019-09-27 13:53:03 -04:00			`"version": {`
			`"version_data": [`
			`{`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`"version_value": "prior to 2.3"`
Added CVE-2019-3736,46,47,66 2019-09-27 13:53:03 -04:00			`}`
			`]`
			`}`
			`}`
			`]`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`}`
Added CVE-2019-3736,46,47,66 2019-09-27 13:53:03 -04:00			`}`
			`]`
			`}`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2019-03-18 05:45:08 +00:00			`"description": {`
			`"description_data": [`
			`{`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`"lang": "eng",`
Added CVE-2019-3736,46,47,66 2019-09-27 13:53:03 -04:00			`"value": "Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system."`
			`}`
			`]`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`},`
Added CVE-2019-3736,46,47,66 2019-09-27 13:53:03 -04:00			`"impact": {`
			`"cvss": {`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`"baseScore": 9.8,`
			`"baseSeverity": "Critical",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",`
Added CVE-2019-3736,46,47,66 2019-09-27 13:53:03 -04:00			`"version": "3.0"`
			`}`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`},`
Added CVE-2019-3736,46,47,66 2019-09-27 13:53:03 -04:00			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`"lang": "eng",`
Added CVE-2019-3736,46,47,66 2019-09-27 13:53:03 -04:00			`"value": "CWE-307: Improper Restriction of Excessive Authentication Attempts"`
			`}`
			`]`
			`}`
			`]`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`},`
Added CVE-2019-3736,46,47,66 2019-09-27 13:53:03 -04:00			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2019-09-27 21:01:05 +00:00			`"refsource": "CONFIRM",`
			`"name": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities",`
Added CVE-2019-3736,46,47,66 2019-09-27 13:53:03 -04:00			`"url": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities"`
"-Synchronized-Data." 2019-03-18 05:45:08 +00:00			`}`
			`]`
			`}`
			`}`