XXE attack in EMC ViPR SRM - #VU12275
Published: April 27, 2018
Vulnerability identifier: #VU12275
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC ViPR SRM
Detailed vulnerability description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to improper restriction of XML external entity (XXE) references. A remote attacker can cause the service to crash, conduct XML external entity attacks to obtain files, and gain root privileges.
Remediation
Update to version 4.1.1.