CVE-2018-1183XML External Entity (XXE) Injection in Dell EMC Smis

CWE-611XML External Entity (XXE) Injection4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 39.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Dell EMC SmisDell EMC Solutions Enabler Virtual ApplianceDell EMC Unisphere+9 more
Timeline
PublishedApr 30
Latest updateMay 14

Description

In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages12 packages

NVDdell/emc_vnx2_operating_environment< 05.33.009.5.231+1
NVDdell/emc_vnx1_operating_environment05.32.000.5.225, 7.1.82.0+1
NVDdell/emc_unity_operating_environment< 4.3.0.1522077968

🔴Vulnerability Details

2
GHSA
GHSA-vj8x-7v7m-g9v3: In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 82022-05-14
CVEList
CVE-2018-1183: In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 82018-04-30

💥Exploits & PoCs

1
Nuclei
Opencart Divido - Sql Injection
CVE-2018-1183 — XML External Entity (XXE) Injection | cvebase