CRITICAL🇵🇱 Wersja polska

CVE-2018-1183

CVSS 9.8v3.0pub. 2018-04-30upd. 2024-11-21

In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dell Emc Smis

    APP
    Dell
    < 8.4.0.6
  • Dell Emc Solutions Enabler Virtual Appliance

    APP
    Dell
    < 8.4.0.8
  • Dell Emc Unisphere

    APP
    Dell
    < 8.4.0.8
  • Dell Emc Unity Operating Environment

    APP
    Dell
    < 4.3.0.1522077968
  • Dell Emc Vasa Provider Virtual Appliance

    APP
    Dell
    < 8.4.0.512
  • Dell Emc Vipr Srm

    APP
    Dell
    3.73.7.13.7.24.04.0.14.0.24.0.3
  • Dell Emc Vmax Embedded Management

    APP
    Dell
    ≤ 1.4.0.347
  • Dell Emc Vmax Enas

    APP
    Dell
    8.08.0.1
  • Dell Emc Vnx1 Operating Environment

    APP
    Dell
    05.32.000.5.2257.1.82.0
  • Dell Emc Vnx2 Operating Environment

    APP
    Dell
    < 05.33.009.5.231< 8.1.9.231
  • Dell Emc Vnxe1600 Operating Environment

    APP
    Dell
    < 3.1.9.9570228
  • Dell Emc Vnxe 3100 Operating Environment

    APP
    Dell
    wszystkie wersje
  • Dell Emc Vnxe 3150 Operating Environment

    APP
    Dell
    wszystkie wersje
  • Dell Emc Vnxe3200 Operating Environment

    APP
    Dell
    wszystkie wersje
  • Dell Emc Vnxe 3300 Operating Environment

    APP
    Dell
    wszystkie wersje
  • Dell Emc Xtremio

    APP
    Dell
    4.04.0.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XXE
CWE
References

Related vulnerabilities

CVE-2021-36294CRITICAL9.8ten sam produkt

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remot...

CVE-2018-1216CRITICAL9.8ten sam produkt

A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for...

CVE-2017-14375CRITICAL9.8ten sam produkt

EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appl...

CVE-2017-8011CRITICAL9.8ten sam produkt

EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Sto...

CVE-2017-4997CRITICAL9.8ten sam produkt

EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vuln...