| CVE-2017-14379 | medium | 5.4 | 5.4 | | | emc | 9y ago | EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-14373 | medium | 6.1 | 6.1 | | | emc | 9y ago | EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-8017 | medium | 6.1 | 6.1 | | | emc | 9y ago | EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to co… |
| CVE-2017-8016 | medium | 5.4 | 5.4 | | | emc | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in… |
| CVE-2017-8006 | medium | 5.9 | 5.9 | | | emc | 9y ago | In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to att… |
| CVE-2017-8005 | medium | 5.4 | 5.4 | | | emcrsa | 9y ago | The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle… |
| CVE-2017-8000 | medium | 4.8 | 4.8 | | | emc | 9y ago | In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database… |
| CVE-2017-8003 | medium | 4.9 | 4.9 | | | emc | 9y ago | EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized informa… |
| CVE-2017-5002 | medium | 6.1 | 6.1 | | | emc | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrar… |
| CVE-2017-5001 | medium | 4.3 | 4.3 | | | emc | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exp… |
| CVE-2017-5000 | medium | 4.3 | 4.3 | | | emc | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exp… |
| CVE-2017-4999 | medium | 6.5 | 6.5 | | | emc | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privile… |
| CVE-2017-4986 | medium | 5.3 | 5.3 | | | emc | 9y ago | EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-5004 | medium | 5.4 | 5.4 | | | emcrsa | 9y ago | EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) v… |
| CVE-2017-5003 | medium | 6.1 | 6.1 | | | emcrsa | 9y ago | EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) v… |
| CVE-2016-9873 | medium | 6.3 | 6.3 | | | emc | 10y ago | EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenti… |
| CVE-2016-9872 | medium | 6.1 | 6.1 | | | emc | 10y ago | EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected sy… |
| CVE-2016-6649 | medium | 6.7 | 6.7 | | | emc | 10y ago | EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with … |
| CVE-2016-6648 | medium | 4.4 | 4.4 | | | emc | 10y ago | EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissi… |
| CVE-2016-0890 | medium | 6.4 | 6.4 | | | emc | 10y ago | EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploite… |
| CVE-2016-8215 | medium | 6.1 | 6.1 | | | emc | 10y ago | EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2016-8214 | medium | 6.7 | 6.7 | | | emc | 10y ago | EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. |
| CVE-2016-8213 | medium | 6.1 | 6.1 | | | emc | 10y ago | EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P… |
| CVE-2016-9869 | medium | 5.5 | 5.5 | | | emc | 10y ago | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO … |
| CVE-2016-9868 | medium | 5.5 | 5.5 | | | emc | 10y ago | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which … |
| CVE-2016-6647 | medium | 5.4 | 5.4 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-0918 | medium | 4.3 | 4.3 | | | emc | 10y ago | EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Pop… |
| CVE-2016-0925 | medium | 5.4 | 5.4 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, an… |
| CVE-2016-0921 | medium | 6.5 | 6.5 | | | emc | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by repl… |
| CVE-2016-0905 | medium | 6.7 | 6.7 | | | emc | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. |
| CVE-2016-6643 | medium | 6.1 | 6.1 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-6642 | medium | 6.1 | 6.1 | | | emc | 10y ago | Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. |
| CVE-2016-6644 | medium | 5.3 | 5.3 | | | emc | 10y ago | EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. |
| CVE-2016-0899 | medium | 6.3 | 6.3 | | | emc | 10y ago | EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Con… |
| CVE-2016-0914 | medium | 6.3 | 6.3 | | | emc | 10y ago | EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Do… |
| CVE-2016-0902 | medium | 5.3 | 5.3 | | | emc | 10y ago | CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified … |
| CVE-2016-0901 | medium | 6.1 | 6.1 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulne… |
| CVE-2016-0900 | medium | 6.1 | 6.1 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulne… |
| CVE-2016-0895 | medium | 4.3 | 4.3 | | | emc | 10y ago | EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. |
| CVE-2016-0894 | medium | 6.3 | 6.3 | | | emc | 10y ago | EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. |
| CVE-2016-0893 | medium | 4.3 | 4.3 | | | emc | 10y ago | EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. |
| CVE-2016-0892 | medium | 6.1 | 6.1 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-0886 | medium | 4.3 | 4.3 | | | emc | 10y ago | EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. |
| CVE-2016-0882 | medium | 5.4 | 5.4 | | | emc | 11y ago | EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunctio… |
| CVE-2016-0881 | medium | 6.5 | 6.5 | | | emc | 11y ago | EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository informati… |
| CVE-2015-6852 | medium | 4.3 | 4.3 | | | emc | 11y ago | Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. |
| CVE-2015-6846 | medium | — | 6.8 | | | emc | 11y ago | EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations. |
| CVE-2015-6844 | medium | — | 4.3 | | | emc | 11y ago | Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-6843 | medium | — | 5.0 | | | emc | 11y ago | Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach. |
| CVE-2015-4543 | medium | — | 4.0 | | | emc | 11y ago | EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database field… |
| CVE-2015-4542 | medium | — | 6.5 | | | emc | 11y ago | EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. |
| CVE-2015-4539 | medium | — | 4.3 | | | emc | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vector… |
| CVE-2015-4530 | medium | — | 6.8 | | | emc | 11y ago | Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishe… |
| CVE-2015-0542 | medium | — | 6.8 | | | emc | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. |
| CVE-2015-4529 | medium | — | 5.8 | | | emc | 11y ago | Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7,… |
| CVE-2015-0543 | medium | — | 5.8 | | | emc | 11y ago | EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain… |
| CVE-2015-4524 | medium | — | 6.5 | | | emc | 11y ago | Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18… |
| CVE-2015-0548 | medium | — | 4.0 | | | emc | 11y ago | The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) in… |
| CVE-2015-0547 | medium | — | 4.0 | | | emc | 11y ago | The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) inj… |
| CVE-2015-0526 | medium | — | 4.3 | | | emc | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (… |
| CVE-2015-0540 | medium | — | 6.5 | | | emc | 11y ago | SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via un… |
| CVE-2015-0531 | medium | — | 5.0 | | | emc | 11y ago | EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. |
| CVE-2015-0529 | medium | — | 5.0 | | | emc | 11y ago | EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive … |
| CVE-2015-0522 | medium | — | 4.3 | | | emc | 11y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary … |
| CVE-2015-0517 | medium | — | 4.0 | | | emc | 12y ago | The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticat… |
| CVE-2015-0512 | medium | — | 5.8 | | | emc | 12y ago | Open redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. |
| CVE-2015-0516 | medium | — | 5.0 | EXP | | emc | 12y ago | Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. |
| CVE-2015-0515 | medium | — | 6.5 | | | emc | 12y ago | Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an… |
| CVE-2015-0514 | medium | — | 6.0 | EXP | | emc | 12y ago | EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decrypt… |
| CVE-2014-4639 | medium | — | 5.0 | | | emc | 12y ago | EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to condu… |
| CVE-2014-4638 | medium | — | 5.0 | | | emc | 12y ago | EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. |
| CVE-2014-4637 | medium | — | 6.4 | | | emc | 12y ago | Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified par… |
| CVE-2014-4636 | medium | — | 6.8 | | | emc | 12y ago | Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perfor… |
| CVE-2014-4635 | medium | — | 4.3 | | | emc | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-4634 | medium | — | 4.6 | | | emc | 12y ago | Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed … |
| CVE-2014-4633 | medium | — | 4.3 | | | emc | 12y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-4628 | medium | — | 4.3 | | | emc | 12y ago | Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-2516 | medium | — | 5.8 | | | emc | 12y ago | Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vect… |
| CVE-2014-4631 | medium | — | 5.0 | | | emc | 12y ago | RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phon… |
| CVE-2014-4623 | medium | — | 4.3 | | | emc | 12y ago | EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, wh… |
| CVE-2014-2521 | medium | — | 6.3 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. |
| CVE-2014-2520 | medium | — | 6.3 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL inj… |
| CVE-2014-2518 | medium | — | 6.8 | | | emc | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. |
| CVE-2014-2517 | medium | — | 6.5 | | | emc | 12y ago | Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors. |
| CVE-2014-2511 | medium | — | 4.3 | | | emc | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) starta… |
| CVE-2014-2505 | medium | — | 5.4 | | | emc | 12y ago | EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors. |
| CVE-2014-0641 | medium | — | 6.8 | | | emc | 12y ago | Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. |
| CVE-2014-0640 | medium | — | 4.0 | | | emc | 12y ago | EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. |
| CVE-2014-2510 | medium | — | 6.8 | | | emc | 12y ago | The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, … |
| CVE-2014-2509 | medium | — | 5.4 | | | emc | 12y ago | Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie. |
| CVE-2013-6078 | medium | — | 5.8 | | | emc | 12y ago | The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which mak… |
| CVE-2014-2502 | medium | — | 4.3 | | | emc | 12y ago | Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-0639 | medium | — | 4.3 | | | emc | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-0646 | medium | — | 6.9 | | | emc | 12y ago | The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows l… |
| CVE-2014-0645 | medium | — | 4.7 | | | emc | 12y ago | EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-depen… |
| CVE-2014-0642 | medium | — | 5.5 | | | emc | 12y ago | EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata fro… |
| CVE-2014-0638 | medium | — | 4.3 | | | emc | 12y ago | Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving… |
| CVE-2014-0637 | medium | — | 4.3 | | | emc | 12y ago | Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to … |
| CVE-2014-0634 | medium | — | 6.0 | | | emc | 12y ago | EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sen… |
| CVE-2014-0623 | medium | — | 4.3 | | | emc | 12y ago | Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecifie… |