RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying a specially crafted XML message.
Max CVSS
6.5
EPSS Score
0.09%
Published
2020-01-03
Updated
2020-01-14
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI.
Max CVSS
5.5
EPSS Score
0.05%
Published
2018-11-13
Updated
2019-02-01
Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.
Max CVSS
8.0
EPSS Score
0.04%
Published
2018-04-18
Updated
2019-10-03
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.
Max CVSS
4.3
EPSS Score
0.10%
Published
2017-07-07
Updated
2017-07-17
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.
Max CVSS
4.3
EPSS Score
0.10%
Published
2017-07-07
Updated
2017-07-11
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages.
Max CVSS
6.5
EPSS Score
0.13%
Published
2017-07-07
Updated
2017-07-11
EMC ESRS VE 3.18 or earlier contains an authentication bypass vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Max CVSS
5.3
EPSS Score
0.16%
Published
2017-06-14
Updated
2017-07-08
EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system.
Max CVSS
7.0
EPSS Score
0.05%
Published
2017-03-29
Updated
2017-07-12
EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system.
Max CVSS
7.5
EPSS Score
0.66%
Published
2017-03-21
Updated
2017-07-12
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.
Max CVSS
5.3
EPSS Score
0.38%
Published
2016-09-17
Updated
2017-08-13
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL.
Max CVSS
4.3
EPSS Score
0.11%
Published
2016-09-24
Updated
2017-07-30
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation.
Max CVSS
8.6
EPSS Score
0.19%
Published
2016-09-21
Updated
2017-07-30
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.
Max CVSS
9.1
EPSS Score
0.31%
Published
2016-09-21
Updated
2017-07-30
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
Max CVSS
6.3
EPSS Score
0.09%
Published
2016-07-04
Updated
2017-09-01
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages.
Max CVSS
4.3
EPSS Score
0.12%
Published
2016-05-03
Updated
2016-12-01
EMC PowerPath Virtual (Management) Appliance 2.0 and EMC PowerPath Virtual (Management) Appliance 2.0 SP1 are affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system.
Max CVSS
6.4
EPSS Score
0.09%
Published
2017-02-03
Updated
2017-03-02
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call.
Max CVSS
4.3
EPSS Score
0.10%
Published
2016-03-09
Updated
2017-01-11
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.
Max CVSS
4.3
EPSS Score
0.16%
Published
2015-12-28
Updated
2016-12-07
Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach.
Max CVSS
5.0
EPSS Score
0.18%
Published
2015-10-18
Updated
2016-12-08
EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields.
Max CVSS
4.0
EPSS Score
0.10%
Published
2015-09-26
Updated
2016-12-08
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.
Max CVSS
3.5
EPSS Score
0.13%
Published
2015-08-22
Updated
2016-12-24
EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file.
Max CVSS
3.5
EPSS Score
0.14%
Published
2015-08-20
Updated
2017-09-21
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Edition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters.
Max CVSS
7.8
EPSS Score
0.32%
Published
2015-07-23
Updated
2015-08-21
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.
Max CVSS
4.0
EPSS Score
0.17%
Published
2015-02-14
Updated
2017-09-08
EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.
Max CVSS
5.0
EPSS Score
8.21%
Published
2015-01-21
Updated
2018-10-09
33 vulnerabilities found