CVE-2015-4538

Published: Sep 4, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:P

Exploitability: 8.0 / Impact: 7.8

Source: NVD

Description

The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected (2)

Products: Emc: Atmos

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Emc Atmos	Version 2.2.3
Emc Atmos	Version 2.3.0

References (6)

http://packetstormsecurity.com/files/133405/EMC-Atmos-2.3.0-XML-External-Entity-Injection.html

Source: security_alert@emc.com

http://seclists.org/bugtraq/2015/Sep/7

Source: security_alert@emc.com

http://www.securitytracker.com/id/1033456

Source: security_alert@emc.com

http://packetstormsecurity.com/files/133405/EMC-Atmos-2.3.0-XML-External-Entity-Injection.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/bugtraq/2015/Sep/7

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1033456

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.