| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-3768 |
611 |
|
|
2020-01-03 |
2020-01-14 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying specially crafted XML message. |
|
2 |
CVE-2019-3733 |
459 |
|
|
2019-09-30 |
2022-04-12 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. |
|
3 |
CVE-2019-3711 |
|
|
|
2019-03-13 |
2020-08-24 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks. |
|
4 |
CVE-2018-15771 |
200 |
|
+Info |
2018-11-13 |
2019-02-01 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI. |
|
5 |
CVE-2018-11080 |
732 |
|
|
2018-10-18 |
2019-10-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges. |
|
6 |
CVE-2018-11074 |
79 |
|
Exec Code XSS |
2018-09-28 |
2020-03-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application. |
|
7 |
CVE-2018-1255 |
79 |
|
Exec Code XSS |
2018-07-13 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. |
|
8 |
CVE-2018-1254 |
79 |
|
Exec Code XSS |
2018-06-21 |
2020-03-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. |
|
9 |
CVE-2018-1253 |
79 |
|
Exec Code XSS |
2018-06-21 |
2020-01-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser. |
|
10 |
CVE-2018-1242 |
78 |
|
|
2018-05-29 |
2020-08-24 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read. |
|
11 |
CVE-2018-1241 |
532 |
|
|
2018-05-29 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks. |
|
12 |
CVE-2018-1219 |
|
|
|
2018-03-08 |
2020-08-24 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may use this information in subsequent attacks. |
|
13 |
CVE-2017-15546 |
89 |
|
Sql |
2018-01-25 |
2018-02-15 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database. |
|
14 |
CVE-2017-14373 |
79 |
|
XSS |
2017-10-31 |
2017-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
|
15 |
CVE-2017-8024 |
79 |
|
XSS |
2017-10-18 |
2017-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system. |
|
16 |
CVE-2017-8017 |
79 |
|
XSS |
2017-10-11 |
2017-11-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
|
17 |
CVE-2017-8006 |
287 |
|
|
2017-07-17 |
2017-08-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN to affect victim's ability to obtain access to protected resources. |
|
18 |
CVE-2017-5003 |
79 |
|
XSS |
2017-06-09 |
2022-04-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. |
|
19 |
CVE-2017-5001 |
200 |
|
+Info |
2017-07-07 |
2017-07-17 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack. |
|
20 |
CVE-2017-5000 |
200 |
|
+Info |
2017-07-07 |
2017-07-11 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack. |
|
21 |
CVE-2017-4999 |
200 |
|
Bypass +Info |
2017-07-07 |
2017-07-11 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages. |
|
22 |
CVE-2017-4979 |
|
|
|
2017-05-19 |
2019-10-03 |
4.6 |
None |
Remote |
High |
??? |
Partial |
Partial |
Partial |
|
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports. |
|
23 |
CVE-2016-9872 |
79 |
|
XSS |
2017-02-03 |
2017-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. |
|
24 |
CVE-2016-9867 |
264 |
|
Exec Code |
2017-01-06 |
2017-01-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers. |
|
25 |
CVE-2016-8215 |
79 |
|
XSS |
2017-01-25 |
2017-02-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
|
26 |
CVE-2016-8214 |
275 |
|
|
2017-01-25 |
2017-02-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. |
|
27 |
CVE-2016-8213 |
79 |
|
XSS |
2017-01-23 |
2017-02-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
|
28 |
CVE-2016-6643 |
79 |
|
XSS |
2016-09-18 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
29 |
CVE-2016-0918 |
200 |
|
+Info |
2016-09-24 |
2017-07-30 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. |
|
30 |
CVE-2016-0910 |
264 |
|
|
2016-06-10 |
2017-01-11 |
4.3 |
None |
Local |
Low |
??? |
Partial |
Partial |
Partial |
|
EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. |
|
31 |
CVE-2016-0907 |
254 |
|
|
2016-05-30 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115. |
|
32 |
CVE-2016-0901 |
79 |
|
XSS |
2016-05-07 |
2016-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900. |
|
33 |
CVE-2016-0900 |
79 |
|
XSS |
2016-05-07 |
2016-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. |
|
34 |
CVE-2016-0895 |
20 |
|
|
2016-05-03 |
2016-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. |
|
35 |
CVE-2016-0893 |
200 |
|
+Info |
2016-05-03 |
2016-12-01 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. |
|
36 |
CVE-2016-0892 |
79 |
|
XSS |
2016-05-03 |
2016-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
37 |
CVE-2016-0886 |
200 |
|
+Info |
2016-03-09 |
2017-01-11 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. |
|
38 |
CVE-2016-0881 |
74 |
|
+Info |
2016-02-12 |
2017-01-11 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request. |
|
39 |
CVE-2015-6852 |
200 |
|
Dir. Trav. +Info |
2015-12-28 |
2016-12-07 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. |
|
40 |
CVE-2015-6844 |
79 |
|
XSS |
2015-10-18 |
2016-12-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
41 |
CVE-2015-4543 |
200 |
|
+Info |
2015-09-26 |
2016-12-08 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields. |
|
42 |
CVE-2015-4539 |
79 |
|
XSS |
2015-09-26 |
2016-12-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
43 |
CVE-2015-0548 |
20 |
|
Bypass |
2015-07-04 |
2016-12-28 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. |
|
44 |
CVE-2015-0547 |
20 |
|
Bypass |
2015-07-04 |
2016-12-28 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. |
|
45 |
CVE-2015-0526 |
79 |
|
XSS |
2015-06-22 |
2017-09-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter. |
|
46 |
CVE-2015-0522 |
79 |
|
XSS |
2015-03-12 |
2015-09-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter. |
|
47 |
CVE-2015-0517 |
200 |
|
+Info |
2015-02-14 |
2017-09-08 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file. |
|
48 |
CVE-2015-0516 |
22 |
|
Dir. Trav. |
2015-01-21 |
2018-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. |
|
49 |
CVE-2014-4635 |
79 |
|
XSS |
2015-01-07 |
2016-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
50 |
CVE-2014-4634 |
|
|
+Priv |
2014-12-30 |
2015-03-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. |
