CVE-2016-6898

Published: Sep 7, 2016Modified: May 6, 2026

6.6

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

Exploitability: 1.3 / Impact: 5.2

Source: NVD

Description

XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document.

Affected (1)

Products: Huawei: E9000 Chassis

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei E9000 Chassis	Up to v100r001c00

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/92620

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92620

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.