CVE-2016-6898

medium

Description

XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document.

References

http://www.securityfocus.com/bid/92620

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en

Details

Source: Mitre, NVD

Published: 2016-09-07

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 6.6

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00173