CVE-2016-6898

Name of the Vulnerable Software and Affected Versions Huawei E9000 rack servers with software before V100R001C00SPC296

Description The issue is related to an XML external entity (XXE) vulnerability in the Hyper Management Module (HMM). This allows remote authenticated users to read arbitrary files or cause a denial of service, resulting in a web service outage, by sending a crafted XML document.

Recommendations For Huawei E9000 rack servers with software before V100R001C00SPC296, update to V100R001C00SPC296 or later to resolve the issue. As a temporary workaround, consider restricting access to the HMM to minimize the risk of exploitation.