EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote malicious users to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
emc cloud_tiering_appliance_software 10.0 |
||
emc cloud_tiering_appliance - |