CVE-2018-11048

Severity: 8.1 HIGH
EPSS: 0.4% (top 40.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 10
Latest update: May 13

Description

Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files on the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 2.8 | Impact: 5.2

Affected Packages: 4 packages

Vulnerability Details (2)

GHSA
GHSA-ww27-qpc9-x958: Dell EMC Data Protection Advisor, versions 6 (2022-05-13)
CVEList
CVE-2018-11048: Dell EMC Data Protection Advisor, versions 6 (2018-08-10)