| CVE-2017-14378 |
critical |
10.0 |
10.0 |
|
|
emc |
9y ago |
EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability." |
| CVE-2017-8020 |
critical |
9.8 |
9.8 |
|
|
emc |
9y ago |
An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root pri… |
| CVE-2017-14379 |
medium |
5.4 |
5.4 |
|
|
emc |
9y ago |
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-14375 |
critical |
9.8 |
9.8 |
|
|
dellemc |
9y ago |
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512,… |
| CVE-2017-14373 |
medium |
6.1 |
6.1 |
|
|
emc |
9y ago |
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-8017 |
medium |
6.1 |
6.1 |
|
|
emc |
9y ago |
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to co… |
| CVE-2017-8016 |
medium |
5.4 |
5.4 |
|
|
emc |
9y ago |
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in… |
| CVE-2017-8015 |
critical |
9.8 |
9.8 |
|
|
emc |
9y ago |
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-8006 |
medium |
5.9 |
5.9 |
|
|
emc |
9y ago |
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to att… |
| CVE-2017-8005 |
medium |
5.4 |
5.4 |
|
|
emcrsa |
9y ago |
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle… |
| CVE-2017-8000 |
medium |
4.8 |
4.8 |
|
|
emc |
9y ago |
In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database… |
| CVE-2017-8003 |
medium |
4.9 |
4.9 |
|
|
emc |
9y ago |
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized informa… |
| CVE-2017-4976 |
critical |
9.8 |
9.8 |
|
|
emc |
9y ago |
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and … |
| CVE-2017-5002 |
medium |
6.1 |
6.1 |
|
|
emc |
9y ago |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrar… |
| CVE-2017-5001 |
medium |
4.3 |
4.3 |
|
|
emc |
9y ago |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exp… |
| CVE-2017-5000 |
medium |
4.3 |
4.3 |
|
|
emc |
9y ago |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exp… |
| CVE-2017-4999 |
medium |
6.5 |
6.5 |
|
|
emc |
9y ago |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privile… |
| CVE-2017-4990 |
critical |
9.8 |
9.8 |
|
|
emc |
9y ago |
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously … |
| CVE-2017-4989 |
critical |
9.8 |
9.8 |
|
|
emc |
9y ago |
In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to th… |
| CVE-2017-4986 |
medium |
5.3 |
5.3 |
|
|
emc |
9y ago |
EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-5004 |
medium |
5.4 |
5.4 |
|
|
emcrsa |
9y ago |
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) v… |
| CVE-2017-5003 |
medium |
6.1 |
6.1 |
|
|
emcrsa |
9y ago |
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) v… |
| CVE-2017-4982 |
critical |
9.8 |
9.8 |
|
|
emc |
9y ago |
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise t… |
| CVE-2017-2765 |
critical |
9.8 |
9.8 |
|
|
emc |
9y ago |
EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to com… |
| CVE-2017-2768 |
critical |
9.8 |
9.8 |
|
|
emc |
10y ago |
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contai… |
| CVE-2017-2767 |
critical |
9.8 |
9.8 |
|
|
emc |
10y ago |
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contai… |
| CVE-2017-2766 |
critical |
9.8 |
9.8 |
|
|
emc |
10y ago |
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified pas… |
| CVE-2016-9873 |
medium |
6.3 |
6.3 |
|
|
emc |
10y ago |
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenti… |
| CVE-2016-9872 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected sy… |
| CVE-2016-6649 |
medium |
6.7 |
6.7 |
|
|
emc |
10y ago |
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with … |
| CVE-2016-6648 |
medium |
4.4 |
4.4 |
|
|
emc |
10y ago |
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissi… |
| CVE-2016-0890 |
medium |
6.4 |
6.4 |
|
|
emc |
10y ago |
EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploite… |
| CVE-2016-8215 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2016-8214 |
medium |
6.7 |
6.7 |
|
|
emc |
10y ago |
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. |
| CVE-2016-8213 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P… |
| CVE-2016-9869 |
medium |
5.5 |
5.5 |
|
|
emc |
10y ago |
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO … |
| CVE-2016-9868 |
medium |
5.5 |
5.5 |
|
|
emc |
10y ago |
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which … |
| CVE-2016-6646 |
critical |
9.8 |
9.8 |
|
|
dellemc |
10y ago |
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary co… |
| CVE-2016-0913 |
critical |
9.8 |
9.8 |
|
|
emc |
10y ago |
The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to… |
| CVE-2016-6647 |
medium |
5.4 |
5.4 |
|
|
emc |
10y ago |
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-0918 |
medium |
4.3 |
4.3 |
|
|
emc |
10y ago |
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Pop… |
| CVE-2016-0925 |
medium |
5.4 |
5.4 |
|
|
emc |
10y ago |
Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, an… |
| CVE-2016-0921 |
medium |
6.5 |
6.5 |
|
|
emc |
10y ago |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by repl… |
| CVE-2016-0917 |
critical |
9.8 |
9.8 |
|
|
emc |
10y ago |
The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE befor… |
| CVE-2016-0905 |
medium |
6.7 |
6.7 |
|
|
emc |
10y ago |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. |
| CVE-2016-0903 |
critical |
9.1 |
9.1 |
|
|
emc |
10y ago |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data … |
| CVE-2016-6643 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-6642 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. |
| CVE-2016-0922 |
critical |
9.8 |
9.8 |
|
|
emc |
10y ago |
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack. |
| CVE-2016-6644 |
medium |
5.3 |
5.3 |
|
|
emc |
10y ago |
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. |
| CVE-2016-0899 |
medium |
6.3 |
6.3 |
|
|
emc |
10y ago |
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Con… |
| CVE-2016-0914 |
medium |
6.3 |
6.3 |
|
|
emc |
10y ago |
EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Do… |
| CVE-2016-0916 |
critical |
9.8 |
9.8 |
|
|
emc |
10y ago |
EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetW… |
| CVE-2016-0902 |
medium |
5.3 |
5.3 |
|
|
emc |
10y ago |
CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified … |
| CVE-2016-0901 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulne… |
| CVE-2016-0900 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulne… |
| CVE-2016-0895 |
medium |
4.3 |
4.3 |
|
|
emc |
10y ago |
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. |
| CVE-2016-0894 |
medium |
6.3 |
6.3 |
|
|
emc |
10y ago |
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. |
| CVE-2016-0893 |
medium |
4.3 |
4.3 |
|
|
emc |
10y ago |
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. |
| CVE-2016-0892 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-0886 |
medium |
4.3 |
4.3 |
|
|
emc |
10y ago |
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. |
| CVE-2016-0882 |
medium |
5.4 |
5.4 |
|
|
emc |
11y ago |
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunctio… |
| CVE-2016-0881 |
medium |
6.5 |
6.5 |
|
|
emc |
11y ago |
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository informati… |
| CVE-2015-6852 |
medium |
4.3 |
4.3 |
|
|
emc |
11y ago |
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. |
| CVE-2015-6847 |
low |
— |
2.1 |
|
|
emc |
11y ago |
The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this… |
| CVE-2015-6846 |
medium |
— |
6.8 |
|
|
emc |
11y ago |
EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations. |
| CVE-2015-6844 |
medium |
— |
4.3 |
|
|
emc |
11y ago |
Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-6843 |
medium |
— |
5.0 |
|
|
emc |
11y ago |
Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach. |
| CVE-2015-4543 |
medium |
— |
4.0 |
|
|
emc |
11y ago |
EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database field… |
| CVE-2015-4542 |
medium |
— |
6.5 |
|
|
emc |
11y ago |
EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. |
| CVE-2015-4541 |
low |
— |
3.5 |
|
|
emc |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-4540 |
low |
— |
3.5 |
|
|
emc |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary w… |
| CVE-2015-4539 |
medium |
— |
4.3 |
|
|
emc |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vector… |
| CVE-2015-4544 |
critical |
— |
9.0 |
|
|
emc |
11y ago |
EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privil… |
| CVE-2015-4537 |
low |
— |
3.5 |
|
|
emc |
11y ago |
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating th… |
| CVE-2015-4536 |
low |
— |
3.5 |
|
|
emc |
11y ago |
EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authentica… |
| CVE-2015-4534 |
critical |
— |
9.0 |
|
|
emc |
11y ago |
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitra… |
| CVE-2015-4533 |
critical |
— |
9.0 |
|
|
emc |
11y ago |
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows … |
| CVE-2015-4532 |
critical |
— |
9.0 |
|
|
emc |
11y ago |
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object type… |
| CVE-2015-4531 |
critical |
— |
9.0 |
|
|
emc |
11y ago |
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which … |
| CVE-2015-4530 |
medium |
— |
6.8 |
|
|
emc |
11y ago |
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishe… |
| CVE-2015-0542 |
medium |
— |
6.8 |
|
|
emc |
11y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. |
| CVE-2015-4529 |
medium |
— |
5.8 |
|
|
emc |
11y ago |
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7,… |
| CVE-2015-4528 |
low |
— |
3.5 |
|
|
emc |
11y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-0544 |
critical |
— |
9.3 |
|
|
emc |
11y ago |
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by pre… |
| CVE-2015-0543 |
medium |
— |
5.8 |
|
|
emc |
11y ago |
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain… |
| CVE-2015-4524 |
medium |
— |
6.5 |
|
|
emc |
11y ago |
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18… |
| CVE-2015-0551 |
low |
— |
3.5 |
|
|
emc |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7… |
| CVE-2015-0548 |
medium |
— |
4.0 |
|
|
emc |
11y ago |
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) in… |
| CVE-2015-0547 |
medium |
— |
4.0 |
|
|
emc |
11y ago |
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) inj… |
| CVE-2015-0545 |
critical |
— |
10.0 |
|
|
emc |
11y ago |
EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2015-0549 |
low |
— |
3.5 |
|
|
emc |
11y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-0526 |
medium |
— |
4.3 |
|
|
emc |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (… |
| CVE-2015-0546 |
critical |
— |
10.0 |
|
|
emc |
11y ago |
EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name. |
| CVE-2015-0540 |
medium |
— |
6.5 |
|
|
emc |
11y ago |
SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via un… |
| CVE-2015-0538 |
critical |
— |
9.3 |
|
|
emc |
11y ago |
ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. |
| CVE-2015-0531 |
medium |
— |
5.0 |
|
|
emc |
11y ago |
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. |
| CVE-2015-0529 |
medium |
— |
5.0 |
|
|
emc |
11y ago |
EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive … |
| CVE-2015-0527 |
low |
— |
2.1 |
|
|
emc |
11y ago |
EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) prov… |
| CVE-2015-0522 |
medium |
— |
4.3 |
|
|
emc |
11y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary … |
