| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-11080 |
264 |
|
|
2018-10-18 |
2018-12-31 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges. |
|
2 |
CVE-2018-11070 |
310 |
|
|
2018-09-11 |
2019-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key. |
|
3 |
CVE-2018-11069 |
310 |
|
|
2018-09-11 |
2019-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. |
|
4 |
CVE-2018-11057 |
310 |
|
|
2018-08-31 |
2018-11-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. |
|
5 |
CVE-2018-1255 |
79 |
|
Exec Code XSS |
2018-07-13 |
2018-09-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. |
|
6 |
CVE-2017-15546 |
89 |
|
Sql |
2018-01-24 |
2018-02-15 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database. |
|
7 |
CVE-2017-14373 |
79 |
|
XSS |
2017-10-31 |
2017-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
|
8 |
CVE-2017-8024 |
79 |
|
XSS |
2017-10-18 |
2017-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system. |
|
9 |
CVE-2017-8017 |
79 |
|
XSS |
2017-10-11 |
2017-11-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
|
10 |
CVE-2017-8006 |
287 |
|
|
2017-07-17 |
2017-08-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN to affect victim's ability to obtain access to protected resources. |
|
11 |
CVE-2017-5004 |
79 |
|
XSS |
2017-06-09 |
2017-07-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. |
|
12 |
CVE-2017-5003 |
79 |
|
XSS |
2017-06-09 |
2017-07-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. |
|
13 |
CVE-2017-5001 |
200 |
|
+Info |
2017-07-06 |
2017-07-17 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack. |
|
14 |
CVE-2017-5000 |
200 |
|
+Info |
2017-07-06 |
2017-07-11 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack. |
|
15 |
CVE-2017-4999 |
200 |
|
Bypass +Info |
2017-07-06 |
2017-07-11 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages. |
|
16 |
CVE-2017-4987 |
427 |
|
Exec Code |
2017-06-19 |
2017-06-29 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability. |
|
17 |
CVE-2017-4983 |
264 |
|
|
2017-05-04 |
2017-07-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. |
|
18 |
CVE-2017-4979 |
264 |
|
|
2017-05-19 |
2017-06-02 |
4.6 |
None |
Remote |
High |
Single system |
Partial |
Partial |
Partial |
|
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports. |
|
19 |
CVE-2016-9872 |
79 |
|
XSS |
2017-02-03 |
2017-07-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. |
|
20 |
CVE-2016-9867 |
264 |
|
Exec Code |
2017-01-06 |
2017-01-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers. |
|
21 |
CVE-2016-8215 |
79 |
|
XSS |
2017-01-25 |
2017-02-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
|
22 |
CVE-2016-8214 |
275 |
|
|
2017-01-25 |
2017-02-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. |
|
23 |
CVE-2016-8213 |
79 |
|
XSS |
2017-01-23 |
2017-02-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
|
24 |
CVE-2016-6643 |
79 |
|
XSS |
2016-09-17 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
25 |
CVE-2016-0919 |
79 |
|
XSS |
2017-02-03 |
2017-03-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
|
26 |
CVE-2016-0918 |
200 |
|
+Info |
2016-09-24 |
2017-07-29 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. |
|
27 |
CVE-2016-0910 |
264 |
|
|
2016-06-09 |
2017-01-10 |
4.3 |
None |
Local |
Low |
Single system |
Partial |
Partial |
Partial |
|
EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. |
|
28 |
CVE-2016-0907 |
254 |
|
|
2016-05-29 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115. |
|
29 |
CVE-2016-0901 |
79 |
|
XSS |
2016-05-07 |
2016-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900. |
|
30 |
CVE-2016-0900 |
79 |
|
XSS |
2016-05-07 |
2016-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. |
|
31 |
CVE-2016-0895 |
20 |
|
|
2016-05-03 |
2016-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. |
|
32 |
CVE-2016-0893 |
200 |
|
+Info |
2016-05-03 |
2016-11-30 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. |
|
33 |
CVE-2016-0892 |
79 |
|
XSS |
2016-05-03 |
2016-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
34 |
CVE-2016-0886 |
200 |
|
+Info |
2016-03-09 |
2017-01-10 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. |
|
35 |
CVE-2016-0881 |
74 |
|
+Info |
2016-02-11 |
2017-01-10 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request. |
|
36 |
CVE-2015-6852 |
200 |
|
Dir. Trav. +Info |
2015-12-28 |
2016-12-07 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. |
|
37 |
CVE-2015-6844 |
79 |
|
XSS |
2015-10-18 |
2016-12-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
38 |
CVE-2015-4547 |
200 |
|
+Info |
2015-10-11 |
2016-12-08 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file. |
|
39 |
CVE-2015-4543 |
200 |
|
+Info |
2015-09-25 |
2016-12-08 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields. |
|
40 |
CVE-2015-4539 |
79 |
|
XSS |
2015-09-25 |
2016-12-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
41 |
CVE-2015-0548 |
20 |
|
Bypass |
2015-07-04 |
2016-12-27 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. |
|
42 |
CVE-2015-0547 |
20 |
|
Bypass |
2015-07-04 |
2016-12-27 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. |
|
43 |
CVE-2015-0535 |
284 |
|
|
2015-08-20 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a similar issue to CVE-2015-0204. |
|
44 |
CVE-2015-0533 |
310 |
|
|
2015-08-20 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572. |
|
45 |
CVE-2015-0526 |
79 |
|
XSS |
2015-06-22 |
2017-09-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter. |
|
46 |
CVE-2015-0522 |
79 |
|
XSS |
2015-03-12 |
2015-09-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter. |
|
47 |
CVE-2015-0517 |
200 |
|
+Info |
2015-02-14 |
2017-09-07 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file. |
|
48 |
CVE-2015-0516 |
22 |
|
Dir. Trav. |
2015-01-21 |
2018-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. |
|
49 |
CVE-2014-4635 |
79 |
|
XSS |
2015-01-06 |
2016-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
50 |
CVE-2014-4634 |
|
|
+Priv |
2014-12-30 |
2015-03-24 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. |
