EMC : Security Vulnerabilities (CVSS score between 2 and 2.99)

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	# of Exploits	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2018-11079	522			2018-10-18	2019-10-09	2.1	None	Local	Low	Not required	Partial	None	None
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database.
2	CVE-2018-11075	79		Exec Code XSS CSRF	2018-09-28	2020-03-27	2.6	None	Remote	High	Not required	None	Partial	None
RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application.
3	CVE-2018-1240	200		DoS +Info	2018-04-18	2019-10-03	2.7	None	Local Network	Low	???	Partial	None	None
Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.
4	CVE-2016-9869	275			2017-01-06	2017-01-11	2.1	None	Local	Low	Not required	None	None	Partial
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable.
5	CVE-2016-9868	254			2017-01-06	2017-01-11	2.1	None	Local	Low	Not required	None	None	Partial
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot.
6	CVE-2016-6650	200		+Info	2017-03-21	2017-07-12	2.6	None	Remote	High	Not required	Partial	None	None
EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system.
7	CVE-2016-6648	275			2017-02-03	2017-03-08	2.1	None	Local	Low	Not required	Partial	None	None
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system.
8	CVE-2015-6847	200		+Info	2015-11-18	2016-12-07	2.1	None	Local	Low	Not required	Partial	None	None
The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file.
9	CVE-2015-0527	200		+Info	2015-03-24	2015-07-28	2.1	None	Local	Low	Not required	Partial	None	None
EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file.
10	CVE-2015-0519	200		+Info	2015-02-14	2017-09-08	2.1	None	Local	Low	Not required	Partial	None	None
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file.
11	CVE-2014-4620	200		+Info	2014-10-25	2017-08-29	2.1	None	Local	Low	Not required	Partial	None	None
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.
12	CVE-2014-0624			+Priv Bypass	2014-03-06	2014-03-07	2.7	None	Local Network	Low	???	Partial	None	None
EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors.
13	CVE-2013-6181	310		+Info	2013-12-28	2014-01-08	2.1	None	Local	Low	Not required	Partial	None	None
EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges.
14	CVE-2013-3273	255		+Info	2013-07-08	2020-03-27	2.1	None	Local	Low	Not required	Partial	None	None
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file.
15	CVE-2013-3272	255		+Info	2013-07-08	2013-10-11	2.1	None	Local	Low	Not required	Partial	None	None
EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack.
16	CVE-2012-4615	310	1	+Info	2012-11-27	2013-08-17	2.1	None	Local	Low	Not required	Partial	None	None
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors.
17	CVE-2012-2286			+Info	2012-10-10	2013-02-12	2.9	None	Local Network	Medium	Not required	Partial	None	None
Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors.
18	CVE-2011-4142	255		+Info	2012-01-19	2012-01-19	2.1	None	Local	Low	Not required	Partial	None	None
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.
19	CVE-2011-1742	255		+Info	2011-08-01	2019-03-14	2.1	None	Local	Low	Not required	Partial	None	None
EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file.
20	CVE-2007-5024	310		+Info	2007-09-21	2008-09-05	2.1	None	Local	Low	Not required	Partial	None	None
EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620.

Total number of vulnerabilities : 20 Page : 1 (This Page)