Vulnerabilities (CVE)

Filtered by vendor Emc Subscribe
Total 414 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5000 1 Emc 1 Rsa Archer Egrc 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.
CVE-2017-15550 1 Emc 3 Avamar Server, Integrated Data Protection Appliance, Networker 2023-12-10 9.0 HIGH 8.8 HIGH
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.
CVE-2017-4985 1 Emc 4 Vnx1, Vnx1 Firmware, Vnx2 and 1 more 2023-12-10 7.2 HIGH 7.8 HIGH
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system.
CVE-2017-8002 1 Emc 1 Data Protection Advisor 2023-12-10 6.5 MEDIUM 8.8 HIGH
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands.
CVE-2017-8018 2 Emc, Microsoft 2 Appsync, Windows 2023-12-10 5.0 MEDIUM 7.5 HIGH
EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-8020 1 Emc 1 Scaleio 2023-12-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server.
CVE-2017-5003 2 Emc, Rsa 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
CVE-2017-14376 1 Emc 1 Appsync 2023-12-10 7.2 HIGH 7.8 HIGH
EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-4984 1 Emc 4 Vnx1, Vnx1 Firmware, Vnx2 and 1 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution.
CVE-2017-8015 1 Emc 1 Appsync 2023-12-10 7.5 HIGH 9.8 CRITICAL
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-8016 1 Emc 1 Archer Grc Platform 2023-12-10 3.5 LOW 5.4 MEDIUM
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
CVE-2017-8024 1 Emc 1 Isilon Onefs 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system.
CVE-2017-4990 1 Emc 1 Avamar Server 2023-12-10 7.5 HIGH 9.8 CRITICAL
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system.
CVE-2017-8022 1 Emc 1 Networker 2023-12-10 6.8 MEDIUM 8.1 HIGH
An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform.
CVE-2017-14380 1 Emc 1 Isilon Onefs 2023-12-10 7.2 HIGH 6.7 MEDIUM
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.
CVE-2017-5002 1 Emc 1 Rsa Archer Egrc 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred.
CVE-2017-8025 1 Emc 1 Archer Grc Platform 2023-12-10 6.8 MEDIUM 7.4 HIGH
RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server.
CVE-2017-4987 1 Emc 4 Vnx1, Vnx1 Firmware, Vnx2 and 1 more 2023-12-10 4.4 MEDIUM 7.3 HIGH
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability.
CVE-2017-8003 1 Emc 1 Data Protection Advisor 2023-12-10 6.8 MEDIUM 4.9 MEDIUM
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application.
CVE-2017-15549 1 Emc 3 Avamar Server, Integrated Data Protection Appliance, Networker 2023-12-10 9.0 HIGH 8.8 HIGH
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.