2.3.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

emc

NVD

Published: 2015-09-04

Updated: 2016-12-22

Summary

The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>

Vulnerable Configurations

Part	Description	Count
Application	Emc EMC Atmos 2.2.3 EMC Atmos 2.3.0	2

References

http://packetstormsecurity.com/files/133405/EMC-Atmos-2.3.0-XML-External-Entity-Injection.html
http://seclists.org/bugtraq/2015/Sep/7
http://www.securitytracker.com/id/1033456