Lucene search

[email protected]CVE-2015-4538

HistorySep 04, 2015 - 1:59 a.m.

CVE-2015-4538

2015-09-0401:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

emc atmos

xml parser

cve-2015-4538

xxe

nvd

security

remote authentication

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:C/I:N/A:P

0.003 Low

EPSS

Percentile

70.8%

JSON

The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CPENameOperatorVersion
emc:atmosemc atmoseq2.2.3
emc:atmosemc atmoseq2.3.0

CPE	Name	Operator	Version
emc:atmos	emc atmos	eq	2.2.3
emc:atmos	emc atmos	eq	2.3.0

References

packetstormsecurity.com/files/133405/EMC-Atmos-2.3.0-XML-External-Entity-Injection.html

seclists.org/bugtraq/2015/Sep/7

www.securitytracker.com/id/1033456