EMC Atmos XML external entity injection Vulnerability(CVE-2 0 1 5-4 5 3 8)-vulnerability warning-the black bar safety net

2015-09-08T00:00:00
ID MYHACK58:62201566701
Type myhack58
Reporter 佚名
Modified 2015-09-08T00:00:00

Description

Affected system:

EMC Atmos <= 2.3.0 Description:

CVE(CAN) ID: CVE-2 0 1 5-4 5 3 8

EMC Atmos is used to store, archive and access massive unstructured data platform.

EMC Atmos 2.3.0 and earlier versions of the XML parser there is XXE injection vulnerability, allows an attacker unauthorized access to sensitive information or cause a denial of service.

<source: security_alert@emc.com >

Recommendations:

Manufacturers patch:

EMC --- The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download:

http://china.emc.com/storage/atmos/atmos.htm