Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL.
Max CVSS
5.3
EPSS Score
0.04%
Published
2024-03-08
Updated
2024-03-08
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI.
Max CVSS
5.5
EPSS Score
0.05%
Published
2018-11-13
Updated
2019-02-01
RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application.
Max CVSS
5.8
EPSS Score
0.22%
Published
2018-09-28
Updated
2020-03-27
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Max CVSS
5.4
EPSS Score
0.08%
Published
2017-11-28
Updated
2017-12-20
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Max CVSS
5.4
EPSS Score
0.05%
Published
2017-10-11
Updated
2017-11-03
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN to affect victim's ability to obtain access to protected resources.
Max CVSS
5.9
EPSS Score
0.34%
Published
2017-07-17
Updated
2017-08-10
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.
Max CVSS
5.4
EPSS Score
0.08%
Published
2017-07-17
Updated
2021-08-06
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
Max CVSS
5.4
EPSS Score
0.07%
Published
2017-06-09
Updated
2022-04-29
EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system.
Max CVSS
5.3
EPSS Score
0.16%
Published
2017-06-14
Updated
2017-07-08
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-01-06
Updated
2017-01-11
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-01-06
Updated
2017-01-11
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
5.4
EPSS Score
0.09%
Published
2016-09-30
Updated
2017-07-30
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.
Max CVSS
5.3
EPSS Score
0.38%
Published
2016-09-17
Updated
2017-08-13
Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
5.4
EPSS Score
0.09%
Published
2016-09-21
Updated
2017-07-30
EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.
Max CVSS
5.9
EPSS Score
0.07%
Published
2016-05-30
Updated
2017-08-08
CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Max CVSS
5.3
EPSS Score
0.25%
Published
2016-05-07
Updated
2016-12-01
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS
5.5
EPSS Score
0.10%
Published
2016-02-12
Updated
2017-01-11
Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach.
Max CVSS
5.0
EPSS Score
0.18%
Published
2015-10-18
Updated
2016-12-08
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
Max CVSS
5.8
EPSS Score
0.25%
Published
2015-07-16
Updated
2017-09-22
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Max CVSS
5.8
EPSS Score
0.08%
Published
2015-07-05
Updated
2016-12-28
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
Max CVSS
5.0
EPSS Score
0.33%
Published
2015-05-07
Updated
2016-04-01
EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session.
Max CVSS
5.0
EPSS Score
0.22%
Published
2015-04-05
Updated
2016-08-23
EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.
Max CVSS
5.0
EPSS Score
8.21%
Published
2015-01-21
Updated
2018-10-09
Open redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.
Max CVSS
5.8
EPSS Score
0.25%
Published
2015-02-02
Updated
2015-09-17
EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.
Max CVSS
5.0
EPSS Score
0.25%
Published
2015-01-07
Updated
2017-08-29
53 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!