CVE-2016-6898

MEDIUM

Huawei E9000 Chassis < v100r001c00 - Improper Access Control

Title source: rule

Description

XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document.

References (2)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92620

Scores

CVSS v3 6.6

EPSS 0.0008

EPSS Percentile 24.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

Classification

CWE

CWE-284

Status published

Affected Products (2)

huawei/e9000_chassis < v100r001c00

n/a/n/a

Timeline

Published Sep 07, 2016

Tracked Since Feb 18, 2026