Vulnerability Description
Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files on the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | EMC Data Protection Advisor | 6.2 |
| Dell | EMC Integrated Data Protection Appliance | 2.0 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/Aug/5 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/105130 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1041417 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2018-11048?
CVE-2018-11048 is a vulnerability with a CVSS score of 8.1 (HIGH). Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in ...
How severe is CVE-2018-11048?
CVE-2018-11048 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-11048?
Check the references section above for vendor advisories and patch information. Affected products include: Dell EMC Data Protection Advisor, Dell EMC Integrated Data Protection Appliance.