The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files.
Max CVSS
7.8
EPSS Score
3.65%
Published
2008-12-10
Updated
2018-10-11
EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin.
Max CVSS
4.6
EPSS Score
0.04%
Published
2013-07-31
Updated
2013-07-31
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.
Max CVSS
3.5
EPSS Score
0.10%
Published
2013-05-03
Updated
2013-05-03

CVE-2014-0644

Public exploit
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
Max CVSS
7.8
EPSS Score
36.40%
Published
2014-04-17
Updated
2014-04-17
The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS
6.8
EPSS Score
0.15%
Published
2014-07-08
Updated
2017-01-07
The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports, or cause a denial of service, by sending packets to many ports.
Max CVSS
5.8
EPSS Score
0.35%
Published
2014-07-19
Updated
2017-01-07
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command.
Max CVSS
6.3
EPSS Score
0.19%
Published
2014-08-20
Updated
2017-08-29
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-10-25
Updated
2017-08-29
EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.32%
Published
2015-01-07
Updated
2016-12-07
EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.
Max CVSS
5.0
EPSS Score
8.21%
Published
2015-01-21
Updated
2018-10-09
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.
Max CVSS
4.0
EPSS Score
0.17%
Published
2015-02-14
Updated
2017-09-08
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-02-14
Updated
2017-09-08
EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-03-24
Updated
2015-07-28
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Edition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters.
Max CVSS
7.8
EPSS Score
0.32%
Published
2015-07-23
Updated
2015-08-21
EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file.
Max CVSS
3.5
EPSS Score
0.14%
Published
2015-08-20
Updated
2017-09-21
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.
Max CVSS
3.5
EPSS Score
0.13%
Published
2015-08-22
Updated
2016-12-24
EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields.
Max CVSS
4.0
EPSS Score
0.10%
Published
2015-09-26
Updated
2016-12-08
Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach.
Max CVSS
5.0
EPSS Score
0.18%
Published
2015-10-18
Updated
2016-12-08
The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-11-18
Updated
2016-12-07
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.
Max CVSS
4.3
EPSS Score
0.16%
Published
2015-12-28
Updated
2016-12-07
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call.
Max CVSS
4.3
EPSS Score
0.10%
Published
2016-03-09
Updated
2017-01-11
EMC PowerPath Virtual (Management) Appliance 2.0 and EMC PowerPath Virtual (Management) Appliance 2.0 SP1 are affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system.
Max CVSS
6.4
EPSS Score
0.09%
Published
2017-02-03
Updated
2017-03-02
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages.
Max CVSS
4.3
EPSS Score
0.12%
Published
2016-05-03
Updated
2016-12-01
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
Max CVSS
6.3
EPSS Score
0.09%
Published
2016-07-04
Updated
2017-09-01
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.
Max CVSS
9.1
EPSS Score
0.31%
Published
2016-09-21
Updated
2017-07-30
37 vulnerabilities found