CyberSec.Space Logo
Back to CVE Browser

CVE-2018-11048

HIGH
8.1
CVSS Severity Score
EPSS Score0.0630%
EPSS Percentile43.36th
PublishedAug 10, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.

Affected Platforms (CPE)

πŸ“¦
Dell

Emc Data Protection Advisor

= 6.2
πŸ“¦
Dell

Emc Data Protection Advisor

= 6.3
πŸ“¦
Dell

Emc Data Protection Advisor

= 6.4
πŸ“¦
Dell

Emc Data Protection Advisor

= 6.5
πŸ“¦
Dell

Emc Integrated Data Protection Appliance

= 2.0
πŸ“¦
Dell

Emc Integrated Data Protection Appliance

= 2.1

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2018/Aug/5
πŸ”— http://www.securityfocus.com/bid/105130
πŸ”— http://www.securitytracker.com/id/1041417
πŸ”— http://seclists.org/fulldisclosure/2018/Aug/5
πŸ”— http://www.securityfocus.com/bid/105130
πŸ”— http://www.securitytracker.com/id/1041417

Related Vulnerabilities

CVE-2017-80139.8

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwo...

CVE-2017-109558.8

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6....

CVE-2017-80028.8

EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker ma...

CVE-2020-53528.8

Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious...