# |
CVE ID |
CWE ID |
# of Exploits |
Vulnerability Type(s) |
Publish Date |
Update Date |
Score |
Gained Access Level |
Access |
Complexity |
Authentication |
Conf. |
Integ. |
Avail. |
1 |
CVE-2019-3732 |
203 |
|
|
2019-09-30 |
2022-04-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x), versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x), are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information, leaving data at risk of exposure. |
2 |
CVE-2018-11071 |
20 |
|
|
2018-09-18 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted. |
3 |
CVE-2018-11051 |
22 |
|
+Priv Dir. Trav. |
2018-07-03 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. |
4 |
CVE-2018-1220 |
601 |
|
+Info |
2018-03-08 |
2018-03-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users. |
5 |
CVE-2017-14385 |
119 |
|
Exec Code Overflow |
2017-12-20 |
2018-01-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution. |
6 |
CVE-2017-8019 |
20 |
|
DoS |
2017-11-28 |
2017-12-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation. |
7 |
CVE-2017-5002 |
601 |
|
|
2017-07-07 |
2017-07-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred. |
8 |
CVE-2017-4986 |
200 |
|
Bypass +Info |
2017-06-14 |
2017-07-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. |
9 |
CVE-2017-4980 |
22 |
|
Dir. Trav. |
2017-03-29 |
2017-04-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1. |
10 |
CVE-2016-6644 |
264 |
|
|
2016-09-17 |
2017-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. |
11 |
CVE-2016-6642 |
352 |
|
CSRF |
2016-09-18 |
2016-11-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. |
12 |
CVE-2016-0922 |
285 |
|
|
2016-09-18 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack. |
13 |
CVE-2016-0915 |
264 |
|
DoS |
2016-08-22 |
2020-08-27 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability." |
14 |
CVE-2016-0904 |
310 |
|
+Info |
2016-09-21 |
2017-07-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation. |
15 |
CVE-2016-0902 |
|
|
Http R.Spl. |
2016-05-07 |
2016-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
16 |
CVE-2016-0882 |
|
|
|
2016-02-12 |
2017-01-11 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Partial |
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
17 |
CVE-2015-6843 |
200 |
|
+Info |
2015-10-18 |
2016-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach. |
18 |
CVE-2015-4529 |
|
|
|
2015-07-16 |
2017-09-22 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. |
19 |
CVE-2015-0543 |
20 |
|
+Info |
2015-07-05 |
2016-12-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
20 |
CVE-2015-0531 |
284 |
|
|
2015-05-07 |
2016-04-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. |
21 |
CVE-2015-0529 |
255 |
|
+Info |
2015-04-05 |
2016-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session. |
22 |
CVE-2015-0514 |
200 |
|
+Info |
2015-01-21 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack. |
23 |
CVE-2015-0512 |
|
|
|
2015-02-02 |
2015-09-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Open redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. |
24 |
CVE-2014-4639 |
189 |
|
|
2015-01-07 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value. |
25 |
CVE-2014-4638 |
200 |
|
+Info |
2015-01-07 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. |
26 |
CVE-2014-4631 |
287 |
|
Bypass |
2014-12-08 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. |
27 |
CVE-2014-2519 |
200 |
|
DoS +Info |
2014-07-19 |
2017-01-07 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports, or cause a denial of service, by sending packets to many ports. |
28 |
CVE-2014-2516 |
|
|
|
2014-12-12 |
2014-12-15 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
29 |
CVE-2014-2509 |
|
|
|
2014-07-01 |
2018-10-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie. |
30 |
CVE-2014-2505 |
|
|
|
2014-08-20 |
2017-08-29 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors. |
31 |
CVE-2014-2276 |
264 |
|
+Info |
2014-03-21 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file. |
32 |
CVE-2014-0642 |
264 |
|
Bypass |
2014-04-15 |
2014-04-16 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors. |
33 |
CVE-2014-0627 |
310 |
|
|
2014-02-18 |
2021-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state. |
34 |
CVE-2014-0626 |
310 |
|
Bypass |
2014-02-18 |
2021-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated. |
35 |
CVE-2014-0625 |
399 |
|
DoS |
2014-02-18 |
2021-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered. |
36 |
CVE-2013-6174 |
20 |
|
|
2013-11-21 |
2015-07-22 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. |
37 |
CVE-2013-6078 |
310 |
|
|
2014-06-17 |
2014-06-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change. |
38 |
CVE-2013-3279 |
255 |
|
+Info |
2013-10-16 |
2013-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. |
39 |
CVE-2013-3277 |
20 |
|
|
2013-09-05 |
2013-09-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
40 |
CVE-2013-3271 |
255 |
|
|
2013-08-28 |
2013-10-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack. |
41 |
CVE-2013-0939 |
20 |
|
+Info |
2013-05-10 |
2013-05-10 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue. |
42 |
CVE-2013-0937 |
287 |
|
|
2013-05-10 |
2013-05-10 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors. |
43 |
CVE-2012-4616 |
22 |
|
Dir. Trav. |
2012-12-26 |
2012-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors. |
44 |
CVE-2012-2280 |
|
|
|
2012-07-13 |
2020-03-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability." |
45 |
CVE-2012-0407 |
189 |
1 |
DoS Overflow |
2012-04-20 |
2012-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field. |
46 |
CVE-2011-1744 |
264 |
|
DoS |
2011-08-01 |
2019-03-14 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site. |
47 |
CVE-2009-3744 |
|
|
DoS |
2009-10-22 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote attackers to cause a denial of service via a crafted packet to TCP port 7144. |
48 |
CVE-2008-3288 |
310 |
|
|
2008-07-24 |
2018-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords. |
49 |
CVE-2005-3659 |
399 |
|
DoS |
2005-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference. |
50 |
CVE-2005-2358 |
|
|
|
2005-08-16 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbitrary directories via an HTTP request for a directory that ends in a "." (trailing dot). |