XML External Entity Injection Vulnerability in Quantum DXi6702 Device
CVE-2019-19144

Currently unrated

Key Information:

Vendor

Quantum

Status
DXi6702
Vendor
CVE Published:
1 August 2025

What is CVE-2019-19144?

An XML External Entity Injection vulnerability exists in Quantum DXi6702 2.3.0.3 devices, exploited via the rest/Users?action=authenticate endpoint. This flaw enables attackers to manipulate XML input, potentially leading to unauthorized access and data exposure.

References

https://www.quantum.com/products/disk-basedbackup/dxi6700...
https://github.com/atredispartners/advisories/blob/master...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.