SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.
CPE | Name | Operator | Version |
---|---|---|---|
emc_srs_policy_manager | eq | 6.8.3 | |
emc_srs_policy_manager | eq | 6.9.0 | |
emc_srs_policy_manager | eq | 6.6 |