| CVE-2014-0640 |
medium |
— |
4.0 |
|
|
emc |
12y ago |
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. |
| CVE-2014-2510 |
medium |
— |
6.8 |
|
|
emc |
12y ago |
The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, … |
| CVE-2014-2512 |
low |
— |
3.5 |
|
|
emc |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecif… |
| CVE-2014-2509 |
medium |
— |
5.4 |
|
|
emc |
12y ago |
Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie. |
| CVE-2013-6078 |
medium |
— |
5.8 |
|
|
emc |
12y ago |
The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which mak… |
| CVE-2014-2502 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-0639 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-0646 |
medium |
— |
6.9 |
|
|
emc |
12y ago |
The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows l… |
| CVE-2014-0645 |
medium |
— |
4.7 |
|
|
emc |
12y ago |
EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-depen… |
| CVE-2014-0642 |
medium |
— |
5.5 |
|
|
emc |
12y ago |
EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata fro… |
| CVE-2014-0638 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving… |
| CVE-2014-0637 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to … |
| CVE-2014-0634 |
medium |
— |
6.0 |
|
|
emc |
12y ago |
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sen… |
| CVE-2014-0623 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecifie… |
| CVE-2014-2276 |
medium |
— |
5.0 |
|
|
emc |
12y ago |
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remo… |
| CVE-2014-0630 |
medium |
— |
4.0 |
|
|
emc |
12y ago |
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL. |
| CVE-2014-0624 |
low |
— |
2.7 |
|
|
emc |
12y ago |
EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions vi… |
| CVE-2014-0627 |
medium |
— |
5.0 |
|
|
dellemc |
13y ago |
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a… |
| CVE-2014-0626 |
medium |
— |
5.0 |
|
|
dellemc |
13y ago |
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering a… |
| CVE-2014-0625 |
medium |
— |
5.0 |
|
|
dellemc |
13y ago |
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) … |
| CVE-2013-6181 |
low |
— |
2.1 |
|
|
emc |
13y ago |
EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. |
| CVE-2013-6178 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-6180 |
medium |
— |
6.8 |
|
|
emc |
13y ago |
EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended… |
| CVE-2013-6177 |
low |
— |
3.5 |
|
|
emc |
13y ago |
Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish E… |
| CVE-2013-6176 |
medium |
— |
6.5 |
|
|
emc |
13y ago |
Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publ… |
| CVE-2013-6175 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise… |
| CVE-2013-6174 |
medium |
— |
5.8 |
|
|
emc |
13y ago |
Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Ed… |
| CVE-2013-6173 |
medium |
— |
6.8 |
|
|
emc |
13y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Ent… |
| CVE-2013-3286 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2013-3281 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7… |
| CVE-2013-3285 |
low |
— |
3.5 |
|
|
emc |
13y ago |
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrato… |
| CVE-2013-3279 |
medium |
— |
5.0 |
|
|
emc |
13y ago |
EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. |
| CVE-2013-3278 |
medium |
— |
4.9 |
|
|
emc |
13y ago |
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configur… |
| CVE-2013-3277 |
medium |
— |
5.8 |
|
|
emc |
13y ago |
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| CVE-2013-3276 |
medium |
— |
6.0 |
|
|
emc |
13y ago |
EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account. |
| CVE-2013-3271 |
medium |
— |
5.0 |
|
|
emc |
13y ago |
EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it… |
| CVE-2013-0943 |
medium |
— |
4.6 |
|
|
emc |
13y ago |
EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin. |
| CVE-2013-3275 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obt… |
| CVE-2013-3273 |
low |
— |
2.1 |
|
|
emcrsa |
13y ago |
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which… |
| CVE-2013-3272 |
low |
— |
2.1 |
|
|
emc |
13y ago |
EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an … |
| CVE-2013-0942 |
medium |
— |
4.3 |
|
|
emcmicrosoftapache |
13y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers t… |
| CVE-2013-3270 |
medium |
— |
6.8 |
|
|
emc |
13y ago |
EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leve… |
| CVE-2013-0939 |
medium |
— |
5.8 |
|
|
emc |
13y ago |
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive info… |
| CVE-2013-0938 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 all… |
| CVE-2013-0937 |
medium |
— |
5.8 |
|
|
emc |
13y ago |
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote… |
| CVE-2013-0934 |
medium |
— |
4.0 |
|
|
emc |
13y ago |
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors. |
| CVE-2013-0933 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via un… |
| CVE-2013-0932 |
medium |
— |
4.0 |
|
|
emc |
13y ago |
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors. |
| CVE-2013-0944 |
low |
— |
3.5 |
|
|
emc |
13y ago |
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL. |
| CVE-2013-0936 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Smarts Service Assurance Manager, Smarts Server Manager, Smarts VoIP Availability Manager, Smarts Network Protocol Manager, and Smar… |
| CVE-2012-2294 |
medium |
— |
6.8 |
|
|
emc |
14y ago |
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page. |
| CVE-2012-2293 |
medium |
— |
6.5 |
|
|
emc |
14y ago |
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary… |
| CVE-2012-1064 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via u… |
| CVE-2012-4616 |
medium |
— |
5.0 |
|
|
emc |
14y ago |
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecif… |
| CVE-2012-4609 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |
| CVE-2012-4608 |
medium |
— |
6.8 |
|
|
emc |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users. |
| CVE-2012-4615 |
low |
— |
2.1 |
|
|
emc |
14y ago |
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vect… |
| CVE-2012-4611 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vecto… |
| CVE-2012-4612 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via… |
| CVE-2012-4610 |
low |
— |
3.3 |
|
|
emc |
14y ago |
EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to th… |
| CVE-2012-2284 |
low |
— |
2.1 |
|
|
emcmicrosoft |
14y ago |
The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local use… |
| CVE-2012-2286 |
low |
— |
2.9 |
|
|
emc |
14y ago |
Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2012-2285 |
medium |
— |
6.8 |
|
|
emc |
14y ago |
EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access … |
| CVE-2012-2282 |
medium |
— |
6.5 |
|
|
emc |
14y ago |
EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement N… |
| CVE-2012-2280 |
medium |
— |
5.0 |
|
|
emcrsa |
14y ago |
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via uns… |
| CVE-2012-2279 |
medium |
— |
6.4 |
|
|
emcrsa |
14y ago |
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbi… |
| CVE-2012-2278 |
medium |
— |
4.3 |
|
|
emcrsa |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before … |
| CVE-2012-0407 |
medium |
— |
6.0 |
EXP |
|
emc |
14y ago |
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value… |
| CVE-2012-0404 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-0396 |
medium |
— |
4.0 |
|
|
emc |
15y ago |
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or… |
| CVE-2011-4144 |
medium |
— |
6.8 |
|
|
emc |
15y ago |
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveragi… |
| CVE-2011-4142 |
low |
— |
2.1 |
|
|
emc |
15y ago |
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to… |
| CVE-2011-2742 |
medium |
— |
6.8 |
|
|
emc |
15y ago |
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile a… |
| CVE-2011-2741 |
medium |
— |
6.8 |
|
|
emc |
15y ago |
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow … |
| CVE-2011-1744 |
medium |
— |
5.8 |
|
|
emc |
15y ago |
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted w… |
| CVE-2011-1743 |
medium |
— |
4.3 |
|
|
emc |
15y ago |
Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-1742 |
low |
— |
2.1 |
|
|
emc |
15y ago |
EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information… |
| CVE-2011-1424 |
low |
— |
3.5 |
|
|
emcmicrosoftibm |
15y ago |
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the t… |
| CVE-2011-1423 |
medium |
— |
4.3 |
|
|
emc |
15y ago |
Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-1422 |
medium |
— |
4.3 |
|
|
emc |
15y ago |
Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary we… |
| CVE-2011-1421 |
medium |
— |
6.9 |
|
|
emc |
15y ago |
EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via un… |
| CVE-2011-0442 |
low |
— |
3.5 |
|
|
emc |
15y ago |
The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive inf… |
| CVE-2011-0321 |
medium |
— |
6.4 |
|
|
emc |
16y ago |
librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which all… |
| CVE-2010-1904 |
medium |
— |
6.8 |
|
|
emc |
16y ago |
SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5.x allows user-assisted remote attackers to execute arbitrary SQL commands via the metadata section of encrypted key data. |
