EMC Cloud Tiering Appliance v10.0 Unauthenticated XXE Arbitrary File Read

Summary
EMC Cloud Tiering Appliance (CTA) v10.0 is susceptible to an unauthenticated XML External Entity (XXE) attack.
Impact
An attacker can read arbitrary files from the file system with the permissions of the root user.
Solution
Ask the vendor for an update.
Insight
EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that allows an attacker to read arbitrary files from the file system with the permissions of the root user.
Affected
EMC CTA v10.0
Detection
Send a specially crafted HTTP POST request and check the response.