| CVE-2017-14378 | critical | 10.0 | 10.0 | | | emc | 9y ago | EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability." |
| CVE-2017-8020 | critical | 9.8 | 9.8 | | | emc | 9y ago | An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root pri… |
| CVE-2017-8019 | high | 7.5 | 7.5 | | | emc | 9y ago | An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets … |
| CVE-2017-14376 | high | 7.8 | 7.8 | | | emc | 9y ago | EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-14375 | critical | 9.8 | 9.8 | | | dellemc | 9y ago | EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512,… |
| CVE-2017-10955 | high | 8.8 | 8.8 | | | emc | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The sp… |
| CVE-2017-8022 | high | 8.1 | 8.1 | | | emc | 9y ago | An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability… |
| CVE-2017-8025 | high | 7.4 | 7.4 | | | emc | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files … |
| CVE-2017-8018 | high | 7.5 | 7.5 | | | emc | 9y ago | EMC AppSync host plug-in versions 3.5 and below (Windows platform only) include a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affec… |
| CVE-2017-8015 | critical | 9.8 | 9.8 | | | emc | 9y ago | EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-3757 | high | 7.8 | 7.8 | | | emc | 9y ago | An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with… |
| CVE-2017-8004 | high | 7.2 | 7.2 | | | emcrsa | 9y ago | The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle … |
| CVE-2017-8002 | high | 8.8 | 8.8 | | | emc | 9y ago | EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about… |
| CVE-2017-4976 | critical | 9.8 | 9.8 | | | emc | 9y ago | EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may log in to the system and … |
| CVE-2017-4998 | high | 8.8 | 8.8 | | | emc | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the… |
| CVE-2017-4990 | critical | 9.8 | 9.8 | | | emc | 9y ago | In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously … |
| CVE-2017-4989 | critical | 9.8 | 9.8 | | | emc | 9y ago | In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to th… |
| CVE-2017-4982 | critical | 9.8 | 9.8 | | | emc | 9y ago | EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contain a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise t… |
| CVE-2017-4977 | high | 7.0 | 7.0 | | | emc | 9y ago | EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploi… |
| CVE-2016-6650 | high | 7.5 | 7.5 | | | emc | 9y ago | EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to comp… |
| CVE-2017-2765 | critical | 9.8 | 9.8 | | | emc | 9y ago | EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to com… |
| CVE-2017-2768 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contai… |
| CVE-2017-2767 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contai… |
| CVE-2017-2766 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified pas… |
| CVE-2016-9867 | high | 8.8 | 8.8 | | | emc | 10y ago | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate … |
| CVE-2016-0909 | high | 8.4 | 8.4 | | | emc | 10y ago | EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. |
| CVE-2016-6646 | critical | 9.8 | 9.8 | | | dellemc | 10y ago | The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary co… |
| CVE-2016-6645 | high | 8.8 | 8.8 | | | dellemc | 10y ago | The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute ar… |
| CVE-2016-0913 | critical | 9.8 | 9.8 | | | emc | 10y ago | The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to… |
| CVE-2016-0920 | high | 7.8 | 7.8 | | | emc | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the su… |
| CVE-2016-0917 | critical | 9.8 | 9.8 | | | emc | 10y ago | The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE befor… |
| CVE-2016-0904 | high | 8.6 | 8.6 | | | emc | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to … |
| CVE-2016-0903 | critical | 9.1 | 9.1 | | | emc | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data … |
| CVE-2016-6641 | high | 7.6 | 7.6 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-0922 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack. |
| CVE-2016-0915 | high | 8.1 | 8.1 | | | emc | 10y ago | The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an a… |
| CVE-2016-0906 | high | 8.8 | 8.8 | | | emc | 10y ago | The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directori… |
| CVE-2016-0916 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetW… |
| CVE-2016-0891 | high | 8.8 | 9.8 | EXP | | emc | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators. |
| CVE-2016-0888 | high | 8.8 | 8.8 | | | emc | 10y ago | EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors. |
| CVE-2015-6850 | high | 8.4 | 8.4 | | | emc | 11y ago | EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. |
| CVE-2015-6849 | high | — | 7.8 | | | emc | 11y ago | EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authenticati… |
| CVE-2015-6847 | low | — | 2.1 | | | emc | 11y ago | The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this… |
| CVE-2015-6845 | high | — | 7.5 | | | emc | 11y ago | EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. |
| CVE-2015-4546 | high | — | 7.8 | | | emc | 11y ago | Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote atta… |
| CVE-2015-4541 | low | — | 3.5 | | | emc | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-4540 | low | — | 3.5 | | | emc | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary w… |
| CVE-2015-4544 | critical | — | 9.0 | | | emc | 11y ago | EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privil… |
| CVE-2015-4538 | high | — | 7.5 | | | emc | 11y ago | The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an extern… |
| CVE-2015-4537 | low | — | 3.5 | | | emc | 11y ago | Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating th… |
| CVE-2015-4536 | low | — | 3.5 | | | emc | 11y ago | EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authentica… |
| CVE-2015-4535 | high | — | 7.5 | | | emc | 11y ago | Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote a… |
| CVE-2015-4534 | critical | — | 9.0 | | | emc | 11y ago | Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitra… |
| CVE-2015-4533 | critical | — | 9.0 | | | emc | 11y ago | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows … |
| CVE-2015-4532 | critical | — | 9.0 | | | emc | 11y ago | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object type… |
| CVE-2015-4531 | critical | — | 9.0 | | | emc | 11y ago | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which … |
| CVE-2015-4527 | high | — | 7.8 | | | emc | 11y ago | Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Edition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/… |
| CVE-2015-4528 | low | — | 3.5 | | | emc | 11y ago | Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-4526 | high | — | 7.2 | | | emc | 11y ago | EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface. |
| CVE-2015-0544 | critical | — | 9.3 | | | emc | 11y ago | EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by pre… |
| CVE-2015-0551 | low | — | 3.5 | | | emc | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7… |
| CVE-2015-0545 | critical | — | 10.0 | | | emc | 11y ago | EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2015-0550 | high | — | 8.5 | | | emc | 11y ago | Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intende… |
| CVE-2015-0549 | low | — | 3.5 | | | emc | 11y ago | Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-0546 | critical | — | 10.0 | | | emc | 11y ago | EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name. |
| CVE-2015-0538 | critical | — | 9.3 | | | emc | 11y ago | ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. |
| CVE-2015-0532 | high | — | 7.5 | | | emc | 11y ago | EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the … |
| CVE-2015-0530 | high | — | 7.2 | | | emc | 11y ago | Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors. |
| CVE-2015-0527 | low | — | 2.1 | | | emc | 11y ago | EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) prov… |
| CVE-2015-0525 | high | — | 7.5 | | | emc | 11y ago | The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. |
| CVE-2015-0524 | high | — | 7.5 | | | emc | 11y ago | SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via uns… |
| CVE-2015-0523 | high | — | 7.8 | | | emc | 11y ago | EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invali… |
| CVE-2015-0521 | low | — | 3.5 | | | emc | 11y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject … |
| CVE-2015-0519 | low | — | 2.1 | | | emc | 12y ago | The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows … |
| CVE-2015-0518 | critical | — | 9.0 | | | emc | 12y ago | The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser pri… |
| CVE-2015-0513 | low | — | 3.5 | | | emc | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject a… |
| CVE-2014-4626 | critical | — | 9.0 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job obje… |
| CVE-2014-4629 | critical | — | 9.0 | | | emc | 12y ago | EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct… |
| CVE-2014-4620 | low | — | 2.1 | | | meditechemc | 12y ago | The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, w… |
| CVE-2014-4622 | high | — | 7.1 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysad… |
| CVE-2014-4621 | high | — | 8.5 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated u… |
| CVE-2014-4619 | critical | — | 9.3 | | | emc | 12y ago | EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers… |
| CVE-2014-4618 | high | — | 8.5 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. |
| CVE-2014-2515 | high | — | 8.5 | | | emc | 12y ago | EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod,… |
| CVE-2014-2514 | high | — | 8.2 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allow… |
| CVE-2014-2513 | high | — | 8.2 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authent… |
| CVE-2014-2512 | low | — | 3.5 | | | emc | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecif… |
| CVE-2014-2508 | high | — | 7.5 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks… |
| CVE-2014-2507 | high | — | 8.5 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in ar… |
| CVE-2014-2506 | high | — | 8.5 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, … |
| CVE-2014-2503 | high | — | 7.5 | | | emc | 12y ago | The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection… |
| CVE-2014-2504 | critical | — | 9.0 | | | emc | 12y ago | EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary… |
| CVE-2014-0643 | high | — | 7.6 | | | emc | 12y ago | EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass … |
| CVE-2014-0644 | high | — | 8.8 | EXP | | emc | 12y ago | EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity r… |
| CVE-2014-0635 | high | — | 7.5 | | | emc | 12y ago | Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. |
| CVE-2014-0633 | high | — | 7.7 | | | emc | 12y ago | The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an … |
| CVE-2014-0632 | critical | — | 9.0 | | | emc | 12y ago | Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. |
| CVE-2014-0629 | high | — | 8.5 | | | emc | 12y ago | EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote aut… |
| CVE-2014-0624 | low | — | 2.7 | | | emc | 12y ago | EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions vi… |
| CVE-2014-0622 | critical | — | 9.0 | | | emc | 13y ago | The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, w… |