| CVE-2017-14378 | critical | 10.0 | 10.0 | | | emc | 9y ago | EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability." |
| CVE-2017-8020 | critical | 9.8 | 9.8 | | | emc | 9y ago | An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root pri… |
| CVE-2017-14375 | critical | 9.8 | 9.8 | | | dellemc | 9y ago | EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512,… |
| CVE-2017-8015 | critical | 9.8 | 9.8 | | | emc | 9y ago | EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-4976 | critical | 9.8 | 9.8 | | | emc | 9y ago | EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and … |
| CVE-2017-4990 | critical | 9.8 | 9.8 | | | emc | 9y ago | In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously … |
| CVE-2017-4989 | critical | 9.8 | 9.8 | | | emc | 9y ago | In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to th… |
| CVE-2017-4982 | critical | 9.8 | 9.8 | | | emc | 9y ago | EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise t… |
| CVE-2017-2765 | critical | 9.8 | 9.8 | | | emc | 9y ago | EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to com… |
| CVE-2017-2768 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contai… |
| CVE-2017-2767 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contai… |
| CVE-2017-2766 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified pas… |
| CVE-2016-6646 | critical | 9.8 | 9.8 | | | dellemc | 10y ago | The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary co… |
| CVE-2016-0913 | critical | 9.8 | 9.8 | | | emc | 10y ago | The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to… |
| CVE-2016-0917 | critical | 9.8 | 9.8 | | | emc | 10y ago | The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE befor… |
| CVE-2016-0903 | critical | 9.1 | 9.1 | | | emc | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data … |
| CVE-2016-0922 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack. |
| CVE-2016-0916 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetW… |
| CVE-2015-6847 | low | — | 2.1 | | | emc | 11y ago | The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this… |
| CVE-2015-4541 | low | — | 3.5 | | | emc | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-4540 | low | — | 3.5 | | | emc | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary w… |
| CVE-2015-4544 | critical | — | 9.0 | | | emc | 11y ago | EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privil… |
| CVE-2015-4537 | low | — | 3.5 | | | emc | 11y ago | Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating th… |
| CVE-2015-4536 | low | — | 3.5 | | | emc | 11y ago | EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authentica… |
| CVE-2015-4534 | critical | — | 9.0 | | | emc | 11y ago | Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitra… |
| CVE-2015-4533 | critical | — | 9.0 | | | emc | 11y ago | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows … |
| CVE-2015-4532 | critical | — | 9.0 | | | emc | 11y ago | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object type… |
| CVE-2015-4531 | critical | — | 9.0 | | | emc | 11y ago | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which … |
| CVE-2015-4528 | low | — | 3.5 | | | emc | 11y ago | Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-0544 | critical | — | 9.3 | | | emc | 11y ago | EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by pre… |
| CVE-2015-0551 | low | — | 3.5 | | | emc | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7… |
| CVE-2015-0545 | critical | — | 10.0 | | | emc | 11y ago | EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2015-0549 | low | — | 3.5 | | | emc | 11y ago | Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-0546 | critical | — | 10.0 | | | emc | 11y ago | EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name. |
| CVE-2015-0538 | critical | — | 9.3 | | | emc | 11y ago | ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. |
| CVE-2015-0527 | low | — | 2.1 | | | emc | 11y ago | EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) prov… |
| CVE-2015-0521 | low | — | 3.5 | | | emc | 11y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject … |
| CVE-2015-0519 | low | — | 2.1 | | | emc | 12y ago | The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows … |
| CVE-2015-0518 | critical | — | 9.0 | | | emc | 12y ago | The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser pri… |
| CVE-2015-0513 | low | — | 3.5 | | | emc | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject a… |
| CVE-2014-4626 | critical | — | 9.0 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job obje… |
| CVE-2014-4629 | critical | — | 9.0 | | | emc | 12y ago | EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct… |
| CVE-2014-4620 | low | — | 2.1 | | | meditech, emc | 12y ago | The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, w… |
| CVE-2014-4619 | critical | — | 9.3 | | | emc | 12y ago | EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers… |
| CVE-2014-2512 | low | — | 3.5 | | | emc | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecif… |
| CVE-2014-2504 | critical | — | 9.0 | | | emc | 12y ago | EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary… |
| CVE-2014-0632 | critical | — | 9.0 | | | emc | 12y ago | Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. |
| CVE-2014-0624 | low | — | 2.7 | | | emc | 12y ago | EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions vi… |
| CVE-2014-0622 | critical | — | 9.0 | | | emc | 13y ago | The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, w… |
| CVE-2013-6181 | low | — | 2.1 | | | emc | 13y ago | EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. |
| CVE-2013-6810 | critical | — | 10.0 | EXP | | emc | 13y ago | The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote a… |
| CVE-2013-6177 | low | — | 3.5 | | | emc | 13y ago | Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish E… |
| CVE-2013-3285 | low | — | 3.5 | | | emc | 13y ago | The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrato… |
| CVE-2013-3274 | critical | — | 9.0 | | | emc | 13y ago | EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authen… |
| CVE-2013-3273 | low | — | 2.1 | | | emc, rsa | 13y ago | EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which… |
| CVE-2013-3272 | low | — | 2.1 | | | emc | 13y ago | EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an … |
| CVE-2013-0946 | critical | — | 10.0 | EXP | | emc | 13y ago | Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands. |
| CVE-2013-0945 | critical | — | 9.3 | | | emc | 13y ago | EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man… |
| CVE-2013-0944 | low | — | 3.5 | | | emc | 13y ago | The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL. |
| CVE-2013-2717 | critical | — | 9.3 | | | emc | 13y ago | Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9.2 have unknown impact and attack vectors, a different … |
| CVE-2013-0935 | critical | — | 9.3 | | | emc | 13y ago | EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vector… |
| CVE-2013-0928 | critical | — | 10.0 | EXP | | emc | 14y ago | The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. |
| CVE-2012-4607 | critical | — | 9.3 | | | emc | 14y ago | Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data. |
| CVE-2012-4615 | low | — | 2.1 | | | emc | 14y ago | EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vect… |
| CVE-2012-4614 | critical | — | 9.3 | | | emc | 14y ago | The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact… |
| CVE-2012-4610 | low | — | 3.3 | | | emc | 14y ago | EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to th… |
| CVE-2012-2290 | critical | — | 9.3 | | | emc | 14y ago | The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted messag… |
| CVE-2012-2284 | low | — | 2.1 | | | emc, microsoft | 14y ago | The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local use… |
| CVE-2012-2286 | low | — | 2.9 | | | emc | 14y ago | Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2012-2288 | critical | — | 10.0 | EXP | | emc | 14y ago | Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specif… |
| CVE-2012-2515 | critical | — | 10.0 | EXP | | emc, ge | 14y ago | Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXt… |
| CVE-2012-0395 | critical | — | 9.3 | | | emc | 15y ago | Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute ar… |
| CVE-2011-4142 | low | — | 2.1 | | | emc | 15y ago | The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to… |
| CVE-2011-2738 | critical | — | 10.0 | | | cisco, emc | 15y ago | Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and m… |
| CVE-2011-1742 | low | — | 2.1 | | | emc | 15y ago | EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information… |
| CVE-2011-1741 | critical | — | 10.0 | | | emc | 15y ago | Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote a… |
| CVE-2011-1424 | low | — | 3.5 | | | emc, microsoft, ibm | 15y ago | The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the t… |
| CVE-2011-0442 | low | — | 3.5 | | | emc | 15y ago | The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive inf… |
| CVE-2011-0647 | critical | — | 10.0 | EXP | | emc | 16y ago | The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunPro… |
| CVE-2009-2754 | critical | — | 10.0 | EXP | | ibm, emc | 17y ago | Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.… |
| CVE-2010-0620 | critical | — | 10.0 | EXP | | emc | 17y ago | Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and conseq… |