CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-11048

HIGH
8.1
CVSS Severity Score
EPSS Score0.0630%
EPSS Percentile43.36th
Published2018年8月10日
Last Modified2024年11月21日

Vulnerability Description

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.

Affected Platforms (CPE)

📦
Dell

Emc Data Protection Advisor

= 6.2
📦
Dell

Emc Data Protection Advisor

= 6.3
📦
Dell

Emc Data Protection Advisor

= 6.4
📦
Dell

Emc Data Protection Advisor

= 6.5
📦
Dell

Emc Integrated Data Protection Appliance

= 2.0
📦
Dell

Emc Integrated Data Protection Appliance

= 2.1

References & Advisories

🔗 http://seclists.org/fulldisclosure/2018/Aug/5
🔗 http://www.securityfocus.com/bid/105130
🔗 http://www.securitytracker.com/id/1041417
🔗 http://seclists.org/fulldisclosure/2018/Aug/5
🔗 http://www.securityfocus.com/bid/105130
🔗 http://www.securitytracker.com/id/1041417

相关漏洞威胁

CVE-2017-80139.8

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwo...

CVE-2017-109558.8

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6....

CVE-2017-80028.8

EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker ma...

CVE-2020-53528.8

Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious...