Denial of Service, Improper Certificate Validation, and Information Disclosure Vulnerabilities for Dell EMC NetWorker
Description
Dell EMC NetWorker, between 18.x and 19.4 may contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path. There are also improper certifcate validation vulnerability which uses SSL encrypted connection, and an unauthenticated attacker in the same network can perform man-in-the-middle attacks. An information disclosure vulnerability which may lead to stolen credentials.
Affected Applications
EMC NetWorker