← Retour aux CVEs

CVE-2018-11048

HIGH

8.1

Description

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.

Details CVE

Score CVSS v3.18.1

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie8/10/2018

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

dell:emc_data_protection_advisordell:emc_integrated_data_protection_appliance

Faiblesses (CWE)

CWE-611

References

http://seclists.org/fulldisclosure/2018/Aug/5(security_alert@emc.com)

http://www.securityfocus.com/bid/105130(security_alert@emc.com)

http://www.securitytracker.com/id/1041417(security_alert@emc.com)

http://seclists.org/fulldisclosure/2018/Aug/5(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/105130(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1041417(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.