Описание
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:emc:cloud_tiering_appliance_software:10.0:-:*:*:*:*:*:*
cpe:2.3:a:emc:cloud_tiering_appliance_software:10.0:sp1:*:*:*:*:*:*
cpe:2.3:h:emc:cloud_tiering_appliance:-:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.74022
Высокий
7.8 High
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
EPSS
Процентиль: 99%
0.74022
Высокий
7.8 High
CVSS2
Дефекты
CWE-200