QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-11048

Back to search

CVE-2018-11048

Published: Aug 10, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.

VendorProductVersions

Dell EMC

Data Protection Advisor

affected
6.2
affected
6.3
affected
6.4 - <= patch B180
affected
6.5 - <= patch B58

Dell EMC

Integrated Data Protection Appliance

affected
2.0
affected
2.1

References

105130
vdb-entry
x_refsource_BID
1041417
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now