
Test ID: 1.3.6.1.4.1.25623.1.0.103931
Category: Web application abuses
Title: EMC Cloud Tiering Appliance v10.0 Unauthenticated XXE Arbitrary File Read Vulnerability - Active Check
Summary: EMC Cloud Tiering Appliance (CTA) is susceptible to an unauthenticated XML external entity (XXE) vulnerability.
Description:
Summary:
EMC Cloud Tiering Appliance (CTA) is susceptible to an
unauthenticated XML external entity (XXE) vulnerability.

Vulnerability Insight:
EMC CTA is susceptible to an unauthenticated XXE attack that
allows an attacker to read arbitrary files from the file system with the permissions of the root
user.

Vulnerability Impact:
An attacker can read arbitrary files from the file system with
the permissions of the root user.

Affected Software/OS:
EMC CTA version 10.0 through SP1 is known to be affected.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore. General solution
options are to upgrade to a newer release, disable respective features, remove the product or
replace the product by another one.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2014-0644
Bugtraq: 20140416 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html
http://seclists.org/fulldisclosure/2014/Mar/426
https://gist.github.com/brandonprry/9895721
Copyright: Copyright (C) 2014 Greenbone AG
