ID

VAR-201804-0950


CVE

CVE-2018-1183


TITLE

XML external entity vulnerabilities in multiple Dell EMC products

Trust: 0.8

sources: JVNDB: JVNDB-2018-004978

DESCRIPTION

In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by an XXE injection vulnerability due to the configuration of the XML parser shipped with the product. An XXE injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service. Multiple Dell EMC products contain an XML external entity vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). are all products of Dell in the United States. 
Dell EMC Unisphere for VMAX Virtual Appliance (vApp) is a management tool for VMAX storage arrays. EMC Solutions Enabler Virtual Appliance is a solution application virtual appliance

Trust: 1.98

sources: NVD: CVE-2018-1183 // JVNDB: JVNDB-2018-004978 // BID: 104024 // VULHUB: VHN-121728

AFFECTED PRODUCTS

vendor: dell, model: emc vipr srm, scope: eq, version: 4.0.2

Trust: 1.6

vendor: dell, model: emc vipr srm, scope: eq, version: 3.7.1

Trust: 1.6

vendor: dell, model: emc vmax enas, scope: eq, version: 8.0

Trust: 1.6

vendor: dell, model: emc vipr srm, scope: eq, version: 4.0

Trust: 1.6

vendor: dell, model: emc vipr srm, scope: eq, version: 4.0.1

Trust: 1.6

vendor: dell, model: emc vipr srm, scope: eq, version: 3.7

Trust: 1.6

vendor: dell, model: emc vipr srm, scope: eq, version: -

Trust: 1.6

vendor: dell, model: emc vipr srm, scope: eq, version: 3.7.2

Trust: 1.6

vendor: dell, model: emc vipr srm, scope: eq, version: 4.0.3

Trust: 1.6

vendor: dell, model: emc xtremio, scope: eq, version: 4.0.2

Trust: 1.0

vendor: dell, model: emc xtremio, scope: eq, version: 4.0

Trust: 1.0

vendor: dell, model: emc vnxe1600 operating environment, scope: lt, version: 3.1.9.9570228

Trust: 1.0

vendor: dell, model: emc vnx2 operating environment, scope: lt, version: 8.1.9.231

Trust: 1.0

vendor: dell, model: emc unisphere, scope: lt, version: 8.4.0.8

Trust: 1.0

vendor: dell, model: emc vnxe 3300 operating environment, scope: eq, version: -

Trust: 1.0

vendor: dell, model: emc vnx2 operating environment, scope: lt, version: 05.33.009.5.231

Trust: 1.0

vendor: dell, model: emc vmax embedded management, scope: lte, version: 1.4.0.347

Trust: 1.0

vendor: dell, model: emc vnxe3200 operating environment, scope: eq, version: -

Trust: 1.0

vendor: dell, model: emc vasa provider virtual appliance, scope: lt, version: 8.4.0.512

Trust: 1.0

vendor: dell, model: emc smis, scope: lt, version: 8.4.0.6

Trust: 1.0

vendor: dell, model: emc vnx1 operating environment, scope: eq, version: 05.32.000.5.225

Trust: 1.0

vendor: dell, model: emc vmax enas, scope: eq, version: 8.0.1

Trust: 1.0

vendor: dell, model: emc unity operating environment, scope: lt, version: 4.3.0.1522077968

Trust: 1.0

vendor: dell, model: emc vnxe 3150 operating environment, scope: eq, version: -

Trust: 1.0

vendor: dell, model: emc vnxe 3100 operating environment, scope: eq, version: -

Trust: 1.0

vendor: dell, model: emc vnx1 operating environment, scope: eq, version: 7.1.82.0

Trust: 1.0

vendor: dell, model: emc solutions enabler virtual appliance, scope: lt, version: 8.4.0.8

Trust: 1.0

vendor: dell, model: emc smis, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc solutions enabler virtual appliance, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc unisphere, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc unity operating environment, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc vasa provider virtual appliance, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc vipr srm, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc vmax embedded management, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc vmax enas, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc vnx1 operating environment, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc vnx2 operating environment, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc vnxe1600 operating environment, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc vnxe3100 operating environment, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc vnxe3150 operating environment, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc vnxe3200 operating environment, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc vnxe3300 operating environment, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc xtremio, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc vmax embedded management, scope: eq, version: 1.4.0.347

Trust: 0.6

vendor: emc, model: vipr srm, scope: eq, version: 3.6.1

Trust: 0.3

vendor: emc, model: unisphere for vmax, scope: eq, version: 1.6

Trust: 0.3

vendor: dell, model: emc unisphere for vmax, scope: eq, version: 8.2

Trust: 0.3

vendor: dell, model: emc solutions enabler, scope: eq, version: 8.1.0.3

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.7

Trust: 0.3

vendor: emc, model: vnx2, scope: ne, version: 05.33.009.5.231

Trust: 0.3

vendor: emc, model: vnx2, scope: eq, version: 8.1.9.155

Trust: 0.3

vendor: dell, model: emc unisphere for vmax, scope: eq, version: 8.3

Trust: 0.3

vendor: emc, model: vasa provider virtual appliance, scope: eq, version: 8.3.0

Trust: 0.3

vendor: emc, model: unisphere for vmax, scope: eq, version: 1.0

Trust: 0.3

vendor: emc, model: xtremio, scope: eq, version: 4.0.4-41

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 4.0.1

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.6.4

Trust: 0.3

vendor: emc, model: vnx1, scope: ne, version: 7.1.82.0

Trust: 0.3

vendor: emc, model: vnxe, scope: eq, version: 0

Trust: 0.3

vendor: dell, model: emc solutions enabler, scope: eq, version: 8.4.0.15

Trust: 0.3

vendor: emc, model: vmax enas, scope: eq, version: 8

Trust: 0.3

vendor: emc, model: vnx2 oe for file, scope: eq, version: 8.1.9.211

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.7.1

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 4.0

Trust: 0.3

vendor: emc, model: solutions enabler, scope: eq, version: 8.0

Trust: 0.3

vendor: emc, model: smis, scope: ne, version: 8.4.0.6

Trust: 0.3

vendor: emc, model: vnxe3200, scope: eq, version: 3.1.5.8711957

Trust: 0.3

vendor: dell, model: emc vmax embedded management, scope: ne, version: 1.4.0.347

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 4.0.3

Trust: 0.3

vendor: emc, model: solutions enabler, scope: eq, version: 7.20

Trust: 0.3

vendor: emc, model: unity operating environment, scope: eq, version: 0

Trust: 0.3

vendor: emc, model: unisphere for vmax, scope: eq, version: 8.0.1

Trust: 0.3

vendor: emc, model: solutions enabler, scope: ne, version: 8.4.0.8

Trust: 0.3

vendor: dell, model: emc unisphere for vmax, scope: eq, version: 8.4.0.15

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.6.3

Trust: 0.3

vendor: emc, model: vnx2, scope: ne, version: 8.1.9.231

Trust: 0.3

vendor: dell, model: emc solutions enabler, scope: eq, version: 8.3

Trust: 0.3

vendor: emc, model: unisphere for vmax, scope: eq, version: 1.1

Trust: 0.3

vendor: emc, model: vnx2 oe for file, scope: eq, version: 8.1.9.217

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.6.0

Trust: 0.3

vendor: emc, model: unisphere for vmax, scope: eq, version: 8.0.2.6

Trust: 0.3

vendor: dell, model: emc vmax embedded management, scope: eq, version: 1.4

Trust: 0.3

vendor: emc, model: vasa provider virtual appliance, scope: eq, version: 8.4.0

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.6.2

Trust: 0.3

vendor: emc, model: vnx2 oe for file, scope: eq, version: 8.1.9.155

Trust: 0.3

vendor: emc, model: unisphere for vmax, scope: eq, version: 8.0

Trust: 0.3

vendor: emc, model: vnxe1600, scope: ne, version: 3.1.9.9570228

Trust: 0.3

vendor: emc, model: vnxe3200, scope: eq, version: 3.1.0

Trust: 0.3

vendor: emc, model: vnx1, scope: eq, version: 7.1.80.3

Trust: 0.3

vendor: emc, model: unisphere for vmax, scope: eq, version: 1.6.1.6

Trust: 0.3

vendor: emc, model: vnx2, scope: eq, version: 8.0

Trust: 0.3

vendor: emc, model: unity operating environment, scope: ne, version: 4.3.0.1522077968

Trust: 0.3

vendor: emc, model: unisphere for vmax, scope: ne, version: 8.4.0.8

Trust: 0.3

vendor: emc, model: unisphere for vmax, scope: eq, version: 8.0.3.4

Trust: 0.3

vendor: emc, model: unisphere for vmax, scope: eq, version: 1.5

Trust: 0.3

vendor: emc, model: vnxe1600, scope: eq, version: 0

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.7.2

Trust: 0.3

vendor: dell, model: emc solutions enabler, scope: eq, version: 8.2

Trust: 0.3

vendor: emc, model: vnx1, scope: eq, version: 7.0

Trust: 0.3

vendor: emc, model: vasa provider virtual appliance, scope: ne, version: 8.4.0.512

Trust: 0.3

vendor: emc, model: solutions enabler, scope: eq, version: 6.5.883

Trust: 0.3

vendor: emc, model: unisphere for vmax, scope: eq, version: 8.0.2

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 4.0.2

Trust: 0.3

sources: BID: 104024 // JVNDB: JVNDB-2018-004978 // CNNVD: CNNVD-201805-031 // NVD: CVE-2018-1183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1183
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-1183
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201805-031
value: HIGH

Trust: 0.6

VULHUB: VHN-121728
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-1183
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-121728
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1183
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121728 // JVNDB: JVNDB-2018-004978 // CNNVD: CNNVD-201805-031 // NVD: CVE-2018-1183

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.9

sources: VULHUB: VHN-121728 // JVNDB: JVNDB-2018-004978 // NVD: CVE-2018-1183

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-031

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-031

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004978

PATCH

title: Top Page, url: https://www.dellemc.com/en-us/index.htm

Trust: 0.8

title: Multiple Dell EMC Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79775

Trust: 0.6

sources: JVNDB: JVNDB-2018-004978 // CNNVD: CNNVD-201805-031

EXTERNAL IDS

db: NVD, id: CVE-2018-1183

Trust: 2.8

db: BID, id: 104024

Trust: 1.4

db: JVNDB, id: JVNDB-2018-004978

Trust: 0.8

db: CNNVD, id: CNNVD-201805-031

Trust: 0.6

db: VULHUB, id: VHN-121728

Trust: 0.1

sources: VULHUB: VHN-121728 // BID: 104024 // JVNDB: JVNDB-2018-004978 // CNNVD: CNNVD-201805-031 // NVD: CVE-2018-1183

REFERENCES

url:http://seclists.org/fulldisclosure/2018/apr/61

Trust: 2.8

url:http://www.securityfocus.com/bid/104024

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1183

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1183

Trust: 0.8

url:http://dell.com

Trust: 0.3

sources: VULHUB: VHN-121728 // BID: 104024 // JVNDB: JVNDB-2018-004978 // CNNVD: CNNVD-201805-031 // NVD: CVE-2018-1183

CREDITS

Jakub Palaczynski

Trust: 0.3

sources: BID: 104024

SOURCES

db: VULHUB, id: VHN-121728
db: BID, id: 104024
db: JVNDB, id: JVNDB-2018-004978
db: CNNVD, id: CNNVD-201805-031
db: NVD, id: CVE-2018-1183

LAST UPDATE DATE

2024-11-23T22:26:25.136000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-121728, date: 2018-06-13T00:00:00
db: BID, id: 104024, date: 2018-04-25T00:00:00
db: JVNDB, id: JVNDB-2018-004978, date: 2018-07-03T00:00:00
db: CNNVD, id: CNNVD-201805-031, date: 2018-05-07T00:00:00
db: NVD, id: CVE-2018-1183, date: 2024-11-21T03:59:21.123

SOURCES RELEASE DATE

db: VULHUB, id: VHN-121728, date: 2018-04-30T00:00:00
db: BID, id: 104024, date: 2018-04-25T00:00:00
db: JVNDB, id: JVNDB-2018-004978, date: 2018-07-03T00:00:00
db: CNNVD, id: CNNVD-201805-031, date: 2018-04-30T00:00:00
db: NVD, id: CVE-2018-1183, date: 2018-04-30T20:29:00.310