Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Dell SRS Policy Manager 代码问题漏洞
Vulnerability Description
Dell SRS Policy Manager是美国戴尔(Dell)公司的一个应用软件。提供戴尔策略管理功能 SRS Policy Manager 6.X 存在安全漏洞,该漏洞源于错误配置的XML解析器在处理用户提供的DTD输入时没有进行足够的验证。攻击者可利用该漏洞作为非根用户读取系统文件,并可能暂时中断ESRS服务。
CVSS Information
N/A
Vulnerability Type
N/A