| CVE-2015-4533 | critical | — | 9.0 | | | emc | 11y ago | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows … |
| CVE-2015-4532 | critical | — | 9.0 | | | emc | 11y ago | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object type… |
| CVE-2015-4531 | critical | — | 9.0 | | | emc | 11y ago | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which … |
| CVE-2015-4530 | medium | — | 6.8 | | | emc | 11y ago | Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishe… |
| CVE-2015-0542 | medium | — | 6.8 | | | emc | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. |
| CVE-2015-4527 | high | — | 7.8 | | | emc | 11y ago | Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/… |
| CVE-2015-4529 | medium | — | 5.8 | | | emc | 11y ago | Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7,… |
| CVE-2015-4526 | high | — | 7.2 | | | emc | 11y ago | EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface. |
| CVE-2015-0544 | critical | — | 9.3 | | | emc | 11y ago | EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by pre… |
| CVE-2015-0543 | medium | — | 5.8 | | | emc | 11y ago | EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain… |
| CVE-2015-4524 | medium | — | 6.5 | | | emc | 11y ago | Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18… |
| CVE-2015-0548 | medium | — | 4.0 | | | emc | 11y ago | The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) in… |
| CVE-2015-0547 | medium | — | 4.0 | | | emc | 11y ago | The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) inj… |
| CVE-2015-0545 | critical | — | 10.0 | | | emc | 11y ago | EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2015-0550 | high | — | 8.5 | | | emc | 11y ago | Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intende… |
| CVE-2015-0526 | medium | — | 4.3 | | | emc | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (… |
| CVE-2015-0546 | critical | — | 10.0 | | | emc | 11y ago | EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name. |
| CVE-2015-0540 | medium | — | 6.5 | | | emc | 11y ago | SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via un… |
| CVE-2015-0538 | critical | — | 9.3 | | | emc | 11y ago | ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. |
| CVE-2015-0531 | medium | — | 5.0 | | | emc | 11y ago | EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. |
| CVE-2015-0532 | high | — | 7.5 | | | emc | 11y ago | EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the … |
| CVE-2015-0530 | high | — | 7.2 | | | emc | 11y ago | Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors. |
| CVE-2015-0529 | medium | — | 5.0 | | | emc | 11y ago | EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive … |
| CVE-2015-0525 | high | — | 7.5 | | | emc | 11y ago | The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. |
| CVE-2015-0524 | high | — | 7.5 | | | emc | 11y ago | SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via uns… |
| CVE-2015-0523 | high | — | 7.8 | | | emc | 11y ago | EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invali… |
| CVE-2015-0522 | medium | — | 4.3 | | | emc | 11y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary … |
| CVE-2015-0518 | critical | — | 9.0 | | | emc | 12y ago | The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser pri… |
| CVE-2015-0517 | medium | — | 4.0 | | | emc | 12y ago | The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticat… |
| CVE-2015-0512 | medium | — | 5.8 | | | emc | 12y ago | Open redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. |
| CVE-2015-0516 | medium | — | 5.0 | EXP | | emc | 12y ago | Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. |
| CVE-2015-0515 | medium | — | 6.5 | | | emc | 12y ago | Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an… |
| CVE-2015-0514 | medium | — | 6.0 | EXP | | emc | 12y ago | EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decrypt… |
| CVE-2014-4639 | medium | — | 5.0 | | | emc | 12y ago | EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to condu… |
| CVE-2014-4638 | medium | — | 5.0 | | | emc | 12y ago | EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. |
| CVE-2014-4637 | medium | — | 6.4 | | | emc | 12y ago | Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified par… |
| CVE-2014-4636 | medium | — | 6.8 | | | emc | 12y ago | Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perfor… |
| CVE-2014-4635 | medium | — | 4.3 | | | emc | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-4634 | medium | — | 4.6 | | | emc | 12y ago | Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed … |
| CVE-2014-4626 | critical | — | 9.0 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job obje… |
| CVE-2014-4633 | medium | — | 4.3 | | | emc | 12y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-4628 | medium | — | 4.3 | | | emc | 12y ago | Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-2516 | medium | — | 5.8 | | | emc | 12y ago | Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vect… |
| CVE-2014-4631 | medium | — | 5.0 | | | emc | 12y ago | RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phon… |
| CVE-2014-4629 | critical | — | 9.0 | | | emc | 12y ago | EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct… |
| CVE-2014-4623 | medium | — | 4.3 | | | emc | 12y ago | EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, wh… |
| CVE-2014-4622 | high | — | 7.1 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysad… |
| CVE-2014-4621 | high | — | 8.5 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated u… |
| CVE-2014-4619 | critical | — | 9.3 | | | emc | 12y ago | EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers… |
| CVE-2014-4618 | high | — | 8.5 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. |
| CVE-2014-2521 | medium | — | 6.3 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. |
| CVE-2014-2520 | medium | — | 6.3 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL inj… |
| CVE-2014-2518 | medium | — | 6.8 | | | emc | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. |
| CVE-2014-2517 | medium | — | 6.5 | | | emc | 12y ago | Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors. |
| CVE-2014-2515 | high | — | 8.5 | | | emc | 12y ago | EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod,… |
| CVE-2014-2511 | medium | — | 4.3 | | | emc | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) starta… |
| CVE-2014-2505 | medium | — | 5.4 | | | emc | 12y ago | EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors. |
| CVE-2014-0641 | medium | — | 6.8 | | | emc | 12y ago | Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. |
| CVE-2014-0640 | medium | — | 4.0 | | | emc | 12y ago | EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. |
| CVE-2014-2514 | high | — | 8.2 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allow… |
| CVE-2014-2513 | high | — | 8.2 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authent… |
| CVE-2014-2510 | medium | — | 6.8 | | | emc | 12y ago | The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, … |
| CVE-2014-2509 | medium | — | 5.4 | | | emc | 12y ago | Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie. |
| CVE-2013-6078 | medium | — | 5.8 | | | emc | 12y ago | The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which mak… |
| CVE-2014-2508 | high | — | 7.5 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks… |
| CVE-2014-2507 | high | — | 8.5 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in ar… |
| CVE-2014-2506 | high | — | 8.5 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, … |
| CVE-2014-2503 | high | — | 7.5 | | | emc | 12y ago | The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection… |
| CVE-2014-2502 | medium | — | 4.3 | | | emc | 12y ago | Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-2504 | critical | — | 9.0 | | | emc | 12y ago | EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary… |
| CVE-2014-0639 | medium | — | 4.3 | | | emc | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-0643 | high | — | 7.6 | | | emc | 12y ago | EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass … |
| CVE-2014-0646 | medium | — | 6.9 | | | emc | 12y ago | The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows l… |
| CVE-2014-0645 | medium | — | 4.7 | | | emc | 12y ago | EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-depen… |
| CVE-2014-0644 | high | — | 8.8 | EXP | | emc | 12y ago | EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity r… |
| CVE-2014-0642 | medium | — | 5.5 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata fro… |
| CVE-2014-0638 | medium | — | 4.3 | | | emc | 12y ago | Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving… |
| CVE-2014-0637 | medium | — | 4.3 | | | emc | 12y ago | Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to … |
| CVE-2014-0635 | high | — | 7.5 | | | emc | 12y ago | Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. |
| CVE-2014-0634 | medium | — | 6.0 | | | emc | 12y ago | EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sen… |
| CVE-2014-0633 | high | — | 7.7 | | | emc | 12y ago | The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an … |
| CVE-2014-0632 | critical | — | 9.0 | | | emc | 12y ago | Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. |
| CVE-2014-0623 | medium | — | 4.3 | | | emc | 12y ago | Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecifie… |
| CVE-2014-2276 | medium | — | 5.0 | | | emc | 12y ago | The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remo… |
| CVE-2014-0630 | medium | — | 4.0 | | | emc | 12y ago | EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL. |
| CVE-2014-0629 | high | — | 8.5 | | | emc | 12y ago | EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote aut… |
| CVE-2014-0627 | medium | — | 5.0 | | | dellemc | 13y ago | The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a… |
| CVE-2014-0626 | medium | — | 5.0 | | | dellemc | 13y ago | The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering a… |
| CVE-2014-0625 | medium | — | 5.0 | | | dellemc | 13y ago | The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) … |
| CVE-2014-0622 | critical | — | 9.0 | | | emc | 13y ago | The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, w… |
| CVE-2013-6182 | high | — | 7.2 | | | emc | 13y ago | Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. |
| CVE-2013-6178 | medium | — | 4.3 | | | emc | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-6810 | critical | — | 10.0 | EXP | | emc | 13y ago | The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote a… |
| CVE-2013-6180 | medium | — | 6.8 | | | emc | 13y ago | EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended… |
| CVE-2013-6176 | medium | — | 6.5 | | | emc | 13y ago | Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publ… |
| CVE-2013-6175 | medium | — | 4.3 | | | emc | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise… |
| CVE-2013-6174 | medium | — | 5.8 | | | emc | 13y ago | Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Ed… |
| CVE-2013-6173 | medium | — | 6.8 | | | emc | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Ent… |
| CVE-2013-3286 | medium | — | 4.3 | | | emc | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2013-3281 | medium | — | 4.3 | | | emc | 13y ago | Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7… |