# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2018-15764 |
|
|
Exec Code |
2018-09-28 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM. |
2 |
CVE-2018-1206 |
798 |
|
+Priv |
2018-03-12 |
2018-04-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account. |
3 |
CVE-2018-1182 |
269 |
|
|
2018-03-08 |
2021-08-06 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges. |
4 |
CVE-2017-14380 |
269 |
|
|
2017-12-13 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode. |
5 |
CVE-2017-14378 |
|
|
Bypass |
2017-11-29 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability." |
6 |
CVE-2017-14376 |
798 |
|
|
2017-11-01 |
2017-11-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. |
7 |
CVE-2017-8015 |
89 |
|
Sql |
2017-09-12 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
8 |
CVE-2017-8013 |
798 |
|
+Priv |
2018-03-16 |
2018-04-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges). |
9 |
CVE-2017-4990 |
434 |
|
Exec Code |
2017-06-21 |
2017-07-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. |
10 |
CVE-2017-4989 |
287 |
|
Bypass |
2017-06-21 |
2017-07-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows. |
11 |
CVE-2017-4976 |
798 |
|
+Priv |
2017-07-09 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server. |
12 |
CVE-2017-3757 |
428 |
|
Exec Code |
2017-08-29 |
2017-09-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges. |
13 |
CVE-2017-2766 |
640 |
|
|
2017-02-03 |
2017-03-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
14 |
CVE-2017-2765 |
287 |
|
Bypass |
2017-02-08 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system. |
15 |
CVE-2016-9870 |
90 |
|
|
2017-01-23 |
2017-01-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system. |
16 |
CVE-2016-6649 |
77 |
|
Bypass |
2017-02-03 |
2017-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root. |
17 |
CVE-2016-0920 |
77 |
|
|
2016-09-21 |
2017-07-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. |
18 |
CVE-2016-0913 |
20 |
|
Exec Code |
2016-10-05 |
2017-07-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share. |
19 |
CVE-2016-0909 |
20 |
|
|
2016-11-15 |
2017-07-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. |
20 |
CVE-2016-0905 |
264 |
|
|
2016-09-21 |
2017-07-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. |
21 |
CVE-2015-6850 |
264 |
|
+Priv |
2015-12-28 |
2016-12-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. |
22 |
CVE-2015-6849 |
20 |
|
DoS |
2015-12-05 |
2016-12-07 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages. |
23 |
CVE-2015-6845 |
|
|
|
2015-10-18 |
2016-12-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. |
24 |
CVE-2015-4546 |
22 |
|
Dir. Trav. |
2015-10-02 |
2016-12-08 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. |
25 |
CVE-2015-4538 |
|
|
DoS |
2015-09-04 |
2016-12-22 |
7.5 |
None |
Remote |
Low |
??? |
Complete |
None |
Partial |
The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
26 |
CVE-2015-4535 |
264 |
|
+Priv |
2015-08-20 |
2017-09-21 |
7.5 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Complete |
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket. |
27 |
CVE-2015-4527 |
200 |
|
Dir. Trav. +Info |
2015-07-23 |
2015-08-21 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters. |
28 |
CVE-2015-4526 |
284 |
|
Bypass |
2015-07-10 |
2016-12-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface. |
29 |
CVE-2015-0532 |
264 |
|
|
2015-05-01 |
2016-04-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account. |
30 |
CVE-2015-0530 |
119 |
|
Overflow +Priv |
2015-04-17 |
2017-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors. |
31 |
CVE-2015-0528 |
264 |
|
+Priv |
2015-03-29 |
2016-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files. |
32 |
CVE-2015-0525 |
78 |
|
Exec Code |
2015-03-12 |
2019-02-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. |
33 |
CVE-2015-0524 |
89 |
|
Exec Code Sql |
2015-03-12 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
34 |
CVE-2015-0523 |
20 |
|
DoS |
2015-03-12 |
2016-08-24 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header. |
35 |
CVE-2014-4622 |
264 |
|
+Priv Bypass |
2014-09-17 |
2017-08-29 |
7.1 |
None |
Remote |
High |
??? |
Complete |
Complete |
Complete |
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. |
36 |
CVE-2014-2508 |
20 |
|
Bypass |
2014-06-08 |
2018-10-09 |
7.5 |
None |
Remote |
Medium |
??? |
Complete |
Partial |
Partial |
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints. |
37 |
CVE-2014-2503 |
20 |
|
Bypass |
2014-06-06 |
2014-06-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string. |
38 |
CVE-2014-0643 |
287 |
|
Bypass |
2014-05-16 |
2018-12-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name. |
39 |
CVE-2014-0635 |
287 |
|
|
2014-04-01 |
2014-04-01 |
7.5 |
None |
Remote |
Medium |
??? |
Complete |
Partial |
Partial |
Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. |
40 |
CVE-2014-0633 |
20 |
|
Exec Code |
2014-04-01 |
2014-04-01 |
7.7 |
None |
Local Network |
Low |
??? |
Complete |
Complete |
Complete |
The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. |
41 |
CVE-2013-6182 |
|
|
+Priv |
2013-12-28 |
2014-01-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. |
42 |
CVE-2013-3280 |
264 |
|
Bypass |
2013-10-25 |
2013-10-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash. |
43 |
CVE-2013-0940 |
264 |
|
+Priv |
2013-05-03 |
2013-05-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. |
44 |
CVE-2013-0930 |
119 |
|
Exec Code Overflow |
2013-01-31 |
2014-05-05 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name. |
45 |
CVE-2013-0929 |
134 |
|
Exec Code |
2013-01-21 |
2016-08-18 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command. |
46 |
CVE-2012-2292 |
264 |
|
Bypass |
2013-02-06 |
2013-02-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. |
47 |
CVE-2012-2291 |
264 |
|
+Priv |
2013-01-21 |
2013-01-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack. |
48 |
CVE-2012-2289 |
264 |
|
Exec Code |
2012-08-26 |
2013-02-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors. |
49 |
CVE-2012-2277 |
119 |
1
|
DoS Overflow |
2012-05-14 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands. |
50 |
CVE-2012-2276 |
119 |
1
|
DoS Overflow |
2012-05-14 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number. |