| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2018-11079 | 522 | | | 2018-10-18 | 2019-10-09 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database. |
| 2 | CVE-2018-11075 | 79 | | Exec Code XSS CSRF | 2018-09-28 | 2020-03-27 | 2.6 | None | Remote | High | Not required | None | Partial | None | RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application. |
| 3 | CVE-2018-1240 | 200 | | DoS +Info | 2018-04-18 | 2019-10-03 | 2.7 | None | Local Network | Low | ??? | Partial | None | None | Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system. |
| 4 | CVE-2016-9869 | 275 | | | 2017-01-06 | 2017-01-11 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable. |
| 5 | CVE-2016-9868 | 254 | | | 2017-01-06 | 2017-01-11 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot. |
| 6 | CVE-2016-6650 | 200 | | +Info | 2017-03-21 | 2017-07-12 | 2.6 | None | Remote | High | Not required | Partial | None | None | EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system. |
| 7 | CVE-2016-6648 | 275 | | | 2017-02-03 | 2017-03-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system. |
| 8 | CVE-2015-6847 | 200 | | +Info | 2015-11-18 | 2016-12-07 | 2.1 | None | Local | Low | Not required | Partial | None | None | The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file. |
| 9 | CVE-2015-0527 | 200 | | +Info | 2015-03-24 | 2015-07-28 | 2.1 | None | Local | Low | Not required | Partial | None | None | EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file. |
| 10 | CVE-2015-0519 | 200 | | +Info | 2015-02-14 | 2017-09-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file. |
| 11 | CVE-2014-4620 | 200 | | +Info | 2014-10-25 | 2017-08-29 | 2.1 | None | Local | Low | Not required | Partial | None | None | The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files. |
| 12 | CVE-2014-0624 | | | +Priv Bypass | 2014-03-06 | 2014-03-07 | 2.7 | None | Local Network | Low | ??? | Partial | None | None | EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors. |
| 13 | CVE-2013-6181 | 310 | | +Info | 2013-12-28 | 2014-01-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. |
| 14 | CVE-2013-3273 | 255 | | +Info | 2013-07-08 | 2020-03-27 | 2.1 | None | Local | Low | Not required | Partial | None | None | EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file. |
| 15 | CVE-2013-3272 | 255 | | +Info | 2013-07-08 | 2013-10-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack. |
| 16 | CVE-2012-4615 | 310 | 1 | +Info | 2012-11-27 | 2013-08-17 | 2.1 | None | Local | Low | Not required | Partial | None | None | EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors. |
| 17 | CVE-2012-2286 | | | +Info | 2012-10-10 | 2013-02-12 | 2.9 | None | Local Network | Medium | Not required | Partial | None | None | Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors. |
| 18 | CVE-2011-4142 | 255 | | +Info | 2012-01-19 | 2012-01-19 | 2.1 | None | Local | Low | Not required | Partial | None | None | The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files. |
| 19 | CVE-2011-1742 | 255 | | +Info | 2011-08-01 | 2019-03-14 | 2.1 | None | Local | Low | Not required | Partial | None | None | EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file. |
| 20 | CVE-2007-5024 | 310 | | +Info | 2007-09-21 | 2008-09-05 | 2.1 | None | Local | Low | Not required | Partial | None | None | EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620. |