PT-2018-10268 · Dell EMC · Dell EMC Integrated Data Protection Appliance

Published: 2018-08-10 · Updated: 2020-12-08 · CVE-2018-11048

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Dell EMC Data Protection Advisor versions 6.2 through 6.5
Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0 through 2.1

Description

The issue concerns an XML External Entity (XXE) injection vulnerability in the REST API. An authenticated remote malicious user could exploit this vulnerability to read certain system files on the server or cause a denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.

Recommendations

For Dell EMC Data Protection Advisor versions 6.2 through 6.5, update to a version that contains a fix for this issue.

For Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0 through 2.1, update to a version that contains a fix for this issue.

As a temporary workaround, consider restricting access to the REST API to minimize the risk of exploitation.

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2018-11048

Affected Products

Dell EMC Data Protection Advisor
Dell EMC Integrated Data Protection Appliance