| CVE-2014-2276 |
medium |
— |
5.0 |
|
|
emc |
12y ago |
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remo… |
| CVE-2014-0630 |
medium |
— |
4.0 |
|
|
emc |
12y ago |
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL. |
| CVE-2014-0627 |
medium |
— |
5.0 |
|
|
dellemc |
13y ago |
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a… |
| CVE-2014-0626 |
medium |
— |
5.0 |
|
|
dellemc |
13y ago |
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering a… |
| CVE-2014-0625 |
medium |
— |
5.0 |
|
|
dellemc |
13y ago |
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) … |
| CVE-2013-6178 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-6180 |
medium |
— |
6.8 |
|
|
emc |
13y ago |
EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended… |
| CVE-2013-6176 |
medium |
— |
6.5 |
|
|
emc |
13y ago |
Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publ… |
| CVE-2013-6175 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise… |
| CVE-2013-6174 |
medium |
— |
5.8 |
|
|
emc |
13y ago |
Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Ed… |
| CVE-2013-6173 |
medium |
— |
6.8 |
|
|
emc |
13y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Ent… |
| CVE-2013-3286 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2013-3281 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7… |
| CVE-2013-3279 |
medium |
— |
5.0 |
|
|
emc |
13y ago |
EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. |
| CVE-2013-3278 |
medium |
— |
4.9 |
|
|
emc |
13y ago |
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configur… |
| CVE-2013-3277 |
medium |
— |
5.8 |
|
|
emc |
13y ago |
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| CVE-2013-3276 |
medium |
— |
6.0 |
|
|
emc |
13y ago |
EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account. |
| CVE-2013-3271 |
medium |
— |
5.0 |
|
|
emc |
13y ago |
EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it… |
| CVE-2013-0943 |
medium |
— |
4.6 |
|
|
emc |
13y ago |
EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin. |
| CVE-2013-3275 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obt… |
| CVE-2013-0942 |
medium |
— |
4.3 |
|
|
emcmicrosoftapache |
13y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers t… |
| CVE-2013-3270 |
medium |
— |
6.8 |
|
|
emc |
13y ago |
EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leve… |
| CVE-2013-0939 |
medium |
— |
5.8 |
|
|
emc |
13y ago |
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive info… |
| CVE-2013-0938 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 all… |
| CVE-2013-0937 |
medium |
— |
5.8 |
|
|
emc |
13y ago |
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote… |
| CVE-2013-0934 |
medium |
— |
4.0 |
|
|
emc |
13y ago |
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors. |
| CVE-2013-0933 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via un… |
| CVE-2013-0932 |
medium |
— |
4.0 |
|
|
emc |
13y ago |
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors. |
| CVE-2013-0936 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Smarts Service Assurance Manager, Smarts Server Manager, Smarts VoIP Availability Manager, Smarts Network Protocol Manager, and Smar… |
| CVE-2012-2294 |
medium |
— |
6.8 |
|
|
emc |
14y ago |
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page. |
| CVE-2012-2293 |
medium |
— |
6.5 |
|
|
emc |
14y ago |
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary… |
| CVE-2012-1064 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via u… |
| CVE-2012-4616 |
medium |
— |
5.0 |
|
|
emc |
14y ago |
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecif… |
| CVE-2012-4609 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |
| CVE-2012-4608 |
medium |
— |
6.8 |
|
|
emc |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users. |
| CVE-2012-4611 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vecto… |
| CVE-2012-4612 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via… |
| CVE-2012-2285 |
medium |
— |
6.8 |
|
|
emc |
14y ago |
EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access … |
| CVE-2012-2282 |
medium |
— |
6.5 |
|
|
emc |
14y ago |
EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement N… |
| CVE-2012-2280 |
medium |
— |
5.0 |
|
|
emcrsa |
14y ago |
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via uns… |
| CVE-2012-2279 |
medium |
— |
6.4 |
|
|
emcrsa |
14y ago |
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbi… |
| CVE-2012-2278 |
medium |
— |
4.3 |
|
|
emcrsa |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before … |
| CVE-2012-0407 |
medium |
— |
6.0 |
EXP |
|
emc |
14y ago |
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value… |
| CVE-2012-0404 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-0396 |
medium |
— |
4.0 |
|
|
emc |
15y ago |
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or… |
| CVE-2011-4144 |
medium |
— |
6.8 |
|
|
emc |
15y ago |
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveragi… |
| CVE-2011-2742 |
medium |
— |
6.8 |
|
|
emc |
15y ago |
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile a… |
| CVE-2011-2741 |
medium |
— |
6.8 |
|
|
emc |
15y ago |
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow … |
| CVE-2011-1744 |
medium |
— |
5.8 |
|
|
emc |
15y ago |
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted w… |
| CVE-2011-1743 |
medium |
— |
4.3 |
|
|
emc |
15y ago |
Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-1423 |
medium |
— |
4.3 |
|
|
emc |
15y ago |
Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-1422 |
medium |
— |
4.3 |
|
|
emc |
15y ago |
Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary we… |
| CVE-2011-1421 |
medium |
— |
6.9 |
|
|
emc |
15y ago |
EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via un… |
| CVE-2011-0321 |
medium |
— |
6.4 |
|
|
emc |
16y ago |
librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which all… |
| CVE-2010-1904 |
medium |
— |
6.8 |
|
|
emc |
16y ago |
SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5.x allows user-assisted remote attackers to execute arbitrary SQL commands via the metadata section of encrypted key data. |
