Summary
EMC Cloud Tiering Appliance v10.0 is susceptible to an unauthenticated XXE attack
Impact
An attacker can read arbitrary files from the file system with the permissions of the root user
Solution
Ask the vendor for an update
Insight
EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that allows an attacker to read arbitrary files from the file system with the permissions of the root user.
Affected
EMC CTA v10.0
Detection
Send a special crafted HTTP POST request and check the response.
References
Updated on 2015-03-25