CVE-2016-6898
MEDIUMHuawei E9000 Chassis < V100R001C00 - Authenticated XML External Entity Injection
Title source: llmDescription
XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92620
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en
Scores
CVSS v3
6.6
EPSS
0.0008
EPSS Percentile
24.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
Details
CWE
CWE-284
Status
published
Products (1)
huawei/e9000_chassis
< v100r001c00
Published
Sep 07, 2016
Tracked Since
Feb 18, 2026