Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
EMC Cloud Tiering Appliance XML外部实体注入漏洞
Vulnerability Description
EMC Cloud Tiering Appliance(CTA)是美国易安信(EMC)公司的一套基于策略的文件分层、归档和迁移解决方案。该方案通过自动化文件分层、文件归档和文件迁移等功能优化网络存储(NAS)基础架构。 EMC CTA 10和10 SP1版本中存在XML外部实体注入漏洞。远程攻击者可利用该漏洞以root权限在受影响系统上读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A