EMC Atmos 2.3.0 XML External Entity Injection

EMC Atmos is affected by an XML eXternal Entity (XXE) injection vulnerability due to the configuration of the XML parser shipped with the product. An XXE injection attack may occur when XML input containing a reference to an external entity is processed by an affected XML parser. XXE injection might allow attackers to gain unauthorized access to files containing sensitive information or might be used to cause denial of service.

Leave a Reply