Home
Mapping Frameworks
CVE Home
Data Protection Advisor

CVE CVE-2018-11048 Mappings

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
CVE-2018-11048	Data Protection Advisor	primary_impact	T1059	Command and Scripting Interpreter
CVE-2018-11048	Data Protection Advisor	secondary_impact	T1005	Data from Local System
CVE-2018-11048	Data Protection Advisor	secondary_impact	T1499.004	Application or System Exploitation
CVE-2018-11048	Data Protection Advisor	exploitation_technique	T1133	External Remote Services