| CVE-2017-8019 |
high |
7.5 |
7.5 |
|
|
emc |
9y ago |
An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets … |
| CVE-2017-14379 |
medium |
5.4 |
5.4 |
|
|
emc |
9y ago |
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-14376 |
high |
7.8 |
7.8 |
|
|
emc |
9y ago |
EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-14373 |
medium |
6.1 |
6.1 |
|
|
emc |
9y ago |
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-10955 |
high |
8.8 |
8.8 |
|
|
emc |
9y ago |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The sp… |
| CVE-2017-8022 |
high |
8.1 |
8.1 |
|
|
emc |
9y ago |
An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability… |
| CVE-2017-8025 |
high |
7.4 |
7.4 |
|
|
emc |
9y ago |
RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files … |
| CVE-2017-8017 |
medium |
6.1 |
6.1 |
|
|
emc |
9y ago |
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to co… |
| CVE-2017-8016 |
medium |
5.4 |
5.4 |
|
|
emc |
9y ago |
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in… |
| CVE-2017-8018 |
high |
7.5 |
7.5 |
|
|
emc |
9y ago |
EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affec… |
| CVE-2017-3757 |
high |
7.8 |
7.8 |
|
|
emc |
9y ago |
An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with… |
| CVE-2017-8006 |
medium |
5.9 |
5.9 |
|
|
emc |
9y ago |
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to att… |
| CVE-2017-8005 |
medium |
5.4 |
5.4 |
|
|
emcrsa |
9y ago |
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle… |
| CVE-2017-8004 |
high |
7.2 |
7.2 |
|
|
emcrsa |
9y ago |
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle … |
| CVE-2017-8000 |
medium |
4.8 |
4.8 |
|
|
emc |
9y ago |
In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database… |
| CVE-2017-8003 |
medium |
4.9 |
4.9 |
|
|
emc |
9y ago |
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized informa… |
| CVE-2017-8002 |
high |
8.8 |
8.8 |
|
|
emc |
9y ago |
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about… |
| CVE-2017-5002 |
medium |
6.1 |
6.1 |
|
|
emc |
9y ago |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrar… |
| CVE-2017-5001 |
medium |
4.3 |
4.3 |
|
|
emc |
9y ago |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exp… |
| CVE-2017-5000 |
medium |
4.3 |
4.3 |
|
|
emc |
9y ago |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exp… |
| CVE-2017-4999 |
medium |
6.5 |
6.5 |
|
|
emc |
9y ago |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privile… |
| CVE-2017-4998 |
high |
8.8 |
8.8 |
|
|
emc |
9y ago |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the… |
| CVE-2017-4986 |
medium |
5.3 |
5.3 |
|
|
emc |
9y ago |
EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-5004 |
medium |
5.4 |
5.4 |
|
|
emcrsa |
9y ago |
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) v… |
| CVE-2017-5003 |
medium |
6.1 |
6.1 |
|
|
emcrsa |
9y ago |
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) v… |
| CVE-2017-4977 |
high |
7.0 |
7.0 |
|
|
emc |
9y ago |
EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploi… |
| CVE-2016-6650 |
high |
7.5 |
7.5 |
|
|
emc |
9y ago |
EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to comp… |
| CVE-2016-9873 |
medium |
6.3 |
6.3 |
|
|
emc |
10y ago |
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenti… |
| CVE-2016-9872 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected sy… |
| CVE-2016-6649 |
medium |
6.7 |
6.7 |
|
|
emc |
10y ago |
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with … |
| CVE-2016-6648 |
medium |
4.4 |
4.4 |
|
|
emc |
10y ago |
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissi… |
| CVE-2016-0890 |
medium |
6.4 |
6.4 |
|
|
emc |
10y ago |
EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploite… |
| CVE-2016-8215 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2016-8214 |
medium |
6.7 |
6.7 |
|
|
emc |
10y ago |
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. |
| CVE-2016-8213 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P… |
| CVE-2016-9869 |
medium |
5.5 |
5.5 |
|
|
emc |
10y ago |
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO … |
| CVE-2016-9868 |
medium |
5.5 |
5.5 |
|
|
emc |
10y ago |
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which … |
| CVE-2016-9867 |
high |
8.8 |
8.8 |
|
|
emc |
10y ago |
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate … |
| CVE-2016-0909 |
high |
8.4 |
8.4 |
|
|
emc |
10y ago |
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. |
| CVE-2016-6645 |
high |
8.8 |
8.8 |
|
|
dellemc |
10y ago |
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute ar… |
| CVE-2016-6647 |
medium |
5.4 |
5.4 |
|
|
emc |
10y ago |
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-0918 |
medium |
4.3 |
4.3 |
|
|
emc |
10y ago |
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Pop… |
| CVE-2016-0925 |
medium |
5.4 |
5.4 |
|
|
emc |
10y ago |
Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, an… |
| CVE-2016-0921 |
medium |
6.5 |
6.5 |
|
|
emc |
10y ago |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by repl… |
| CVE-2016-0920 |
high |
7.8 |
7.8 |
|
|
emc |
10y ago |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the su… |
| CVE-2016-0905 |
medium |
6.7 |
6.7 |
|
|
emc |
10y ago |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. |
| CVE-2016-0904 |
high |
8.6 |
8.6 |
|
|
emc |
10y ago |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to … |
| CVE-2016-6643 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-6642 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. |
| CVE-2016-6641 |
high |
7.6 |
7.6 |
|
|
emc |
10y ago |
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-6644 |
medium |
5.3 |
5.3 |
|
|
emc |
10y ago |
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. |
| CVE-2016-0915 |
high |
8.1 |
8.1 |
|
|
emc |
10y ago |
The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an a… |
| CVE-2016-0906 |
high |
8.8 |
8.8 |
|
|
emc |
10y ago |
The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directori… |
| CVE-2016-0899 |
medium |
6.3 |
6.3 |
|
|
emc |
10y ago |
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Con… |
| CVE-2016-0914 |
medium |
6.3 |
6.3 |
|
|
emc |
10y ago |
EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Do… |
| CVE-2016-0902 |
medium |
5.3 |
5.3 |
|
|
emc |
10y ago |
CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified … |
| CVE-2016-0901 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulne… |
| CVE-2016-0900 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulne… |
| CVE-2016-0895 |
medium |
4.3 |
4.3 |
|
|
emc |
10y ago |
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. |
| CVE-2016-0894 |
medium |
6.3 |
6.3 |
|
|
emc |
10y ago |
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. |
| CVE-2016-0893 |
medium |
4.3 |
4.3 |
|
|
emc |
10y ago |
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. |
| CVE-2016-0892 |
medium |
6.1 |
6.1 |
|
|
emc |
10y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-0891 |
high |
8.8 |
9.8 |
EXP |
|
emc |
10y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators. |
| CVE-2016-0888 |
high |
8.8 |
8.8 |
|
|
emc |
10y ago |
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors. |
| CVE-2016-0886 |
medium |
4.3 |
4.3 |
|
|
emc |
10y ago |
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. |
| CVE-2016-0882 |
medium |
5.4 |
5.4 |
|
|
emc |
11y ago |
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunctio… |
| CVE-2016-0881 |
medium |
6.5 |
6.5 |
|
|
emc |
11y ago |
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository informati… |
| CVE-2015-6852 |
medium |
4.3 |
4.3 |
|
|
emc |
11y ago |
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. |
| CVE-2015-6850 |
high |
8.4 |
8.4 |
|
|
emc |
11y ago |
EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. |
| CVE-2015-6849 |
high |
— |
7.8 |
|
|
emc |
11y ago |
EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authenticati… |
| CVE-2015-6847 |
low |
— |
2.1 |
|
|
emc |
11y ago |
The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this… |
| CVE-2015-6846 |
medium |
— |
6.8 |
|
|
emc |
11y ago |
EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations. |
| CVE-2015-6845 |
high |
— |
7.5 |
|
|
emc |
11y ago |
EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. |
| CVE-2015-6844 |
medium |
— |
4.3 |
|
|
emc |
11y ago |
Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-6843 |
medium |
— |
5.0 |
|
|
emc |
11y ago |
Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach. |
| CVE-2015-4546 |
high |
— |
7.8 |
|
|
emc |
11y ago |
Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote atta… |
| CVE-2015-4543 |
medium |
— |
4.0 |
|
|
emc |
11y ago |
EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database field… |
| CVE-2015-4542 |
medium |
— |
6.5 |
|
|
emc |
11y ago |
EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. |
| CVE-2015-4541 |
low |
— |
3.5 |
|
|
emc |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-4540 |
low |
— |
3.5 |
|
|
emc |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary w… |
| CVE-2015-4539 |
medium |
— |
4.3 |
|
|
emc |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vector… |
| CVE-2015-4538 |
high |
— |
7.5 |
|
|
emc |
11y ago |
The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an extern… |
| CVE-2015-4537 |
low |
— |
3.5 |
|
|
emc |
11y ago |
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating th… |
| CVE-2015-4536 |
low |
— |
3.5 |
|
|
emc |
11y ago |
EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authentica… |
| CVE-2015-4535 |
high |
— |
7.5 |
|
|
emc |
11y ago |
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote a… |
| CVE-2015-4530 |
medium |
— |
6.8 |
|
|
emc |
11y ago |
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishe… |
| CVE-2015-0542 |
medium |
— |
6.8 |
|
|
emc |
11y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. |
| CVE-2015-4527 |
high |
— |
7.8 |
|
|
emc |
11y ago |
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/… |
| CVE-2015-4529 |
medium |
— |
5.8 |
|
|
emc |
11y ago |
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7,… |
| CVE-2015-4528 |
low |
— |
3.5 |
|
|
emc |
11y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-4526 |
high |
— |
7.2 |
|
|
emc |
11y ago |
EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface. |
| CVE-2015-0543 |
medium |
— |
5.8 |
|
|
emc |
11y ago |
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain… |
| CVE-2015-4524 |
medium |
— |
6.5 |
|
|
emc |
11y ago |
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18… |
| CVE-2015-0551 |
low |
— |
3.5 |
|
|
emc |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7… |
| CVE-2015-0548 |
medium |
— |
4.0 |
|
|
emc |
11y ago |
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) in… |
| CVE-2015-0547 |
medium |
— |
4.0 |
|
|
emc |
11y ago |
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) inj… |
| CVE-2015-0550 |
high |
— |
8.5 |
|
|
emc |
11y ago |
Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intende… |
| CVE-2015-0549 |
low |
— |
3.5 |
|
|
emc |
11y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-0526 |
medium |
— |
4.3 |
|
|
emc |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (… |
| CVE-2015-0540 |
medium |
— |
6.5 |
|
|
emc |
11y ago |
SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via un… |
