CVE-2018-11048

MEDIUM

Description

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.

References

http://seclists.org/fulldisclosure/2018/Aug/5

http://www.securityfocus.com/bid/105130

http://www.securitytracker.com/id/1041417

Details

Source: MITRE

Published: 2018-08-10

Modified: 2018-10-16

Type: CWE-611

Risk Information

CVSS v2.0

Base Score: 5.5

Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:P)

Impact Score: 4.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Impact Score: 5.2

Exploitability Score: 2.8

Severity: HIGH