Filtered by vendor Emc
Subscribe
Total
414 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6844 | 1 Emc | 1 Sourceone Email Supervisor | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-4541 | 1 Emc | 1 Rsa Archer Grc | 2023-12-10 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-0892 | 1 Emc | 1 Rsa Data Loss Prevention | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-0526 | 1 Emc | 1 Rsa Validation Manager | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter. | |||||
CVE-2016-0886 | 1 Emc | 1 Documentum Xcp | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. | |||||
CVE-2016-0902 | 1 Emc | 1 Rsa Authentication Manager | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
CVE-2015-6847 | 1 Emc | 1 Vplex Geosynchrony | 2023-12-10 | 2.1 LOW | N/A |
The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file. | |||||
CVE-2015-4530 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518. | |||||
CVE-2015-0550 | 1 Emc | 1 Documentum Thumbnail Server | 2023-12-10 | 8.5 HIGH | N/A |
Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors. | |||||
CVE-2016-0882 | 1 Emc | 1 Documentum Xcp | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2015-0542 | 1 Emc | 1 Rsa Archer Egrc | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2015-6850 | 1 Emc | 1 Vplex Geosynchrony | 2023-12-10 | 7.2 HIGH | 8.4 HIGH |
EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | |||||
CVE-2015-6849 | 1 Emc | 1 Networker | 2023-12-10 | 7.8 HIGH | N/A |
EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages. | |||||
CVE-2016-0901 | 1 Emc | 1 Rsa Authentication Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900. | |||||
CVE-2015-4546 | 1 Emc | 2 Rsa Certificate Manager, Rsa Onestep | 2023-12-10 | 7.8 HIGH | N/A |
Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. | |||||
CVE-2015-4527 | 1 Emc | 2 Avamar Server, Avamar Server Virtual Edition | 2023-12-10 | 7.8 HIGH | N/A |
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters. | |||||
CVE-2015-0543 | 1 Emc | 1 Secure Remote Services | 2023-12-10 | 5.8 MEDIUM | N/A |
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-0903 | 1 Emc | 1 Avamar Server | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent. | |||||
CVE-2015-4529 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2023-12-10 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||||
CVE-2015-4533 | 1 Emc | 1 Documentum Content Server | 2023-12-10 | 9.0 HIGH | N/A |
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. |