SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dell emc srs policy manager 6.6 |
||
dell emc srs policy manager 6.8.3 |
||
dell emc srs policy manager 6.9.0 |