Vulnerabilities > EMC

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2024-0454 Authentication Bypass by Spoofing vulnerability in EMC Elan Match-On-Chip FPR Solution Firmware 3.0.12011.08009/3.3.12011.08103
The ELAN Match-on-Chip FPR solution has a design fault that creates a potential risk of valid SID leakage and enumeration with a spoofed sensor. Because of this fault, Windows Hello recognition can be bypassed by cloning the SID, resulting in broken account identity. Versions lower than 3.0.12011.08009 (Legacy)/3.3.12011.08103 (ESS) are exposed to this risk on the DELL Inspiron platform.
low complexity
emc CWE-290
6.1
2023-09-27 CVE-2023-32458 Improper Access Control vulnerability in EMC Appsync
Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component.
local
low complexity
emc CWE-284
7.8
2020-04-15 CVE-2020-5346 Cross-site Scripting vulnerability in EMC RSA Authentication Manager
RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console.
network
low complexity
emc CWE-79
4.8
2020-03-26 CVE-2020-5340 Cross-site Scripting vulnerability in EMC RSA Authentication Manager
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console.
network
low complexity
emc CWE-79
4.8
2020-03-26 CVE-2020-5339 Cross-site Scripting vulnerability in EMC RSA Authentication Manager
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console.
network
low complexity
emc CWE-79
4.8
2020-01-03 CVE-2019-3768 XXE vulnerability in EMC RSA Authentication Manager
RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability.
network
low complexity
emc CWE-611
6.5
2019-12-03 CVE-2019-18574 Cross-site Scripting vulnerability in multiple products
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console.
network
low complexity
rsa emc CWE-79
4.8
2019-09-30 CVE-2019-3733 Incomplete Cleanup vulnerability in multiple products
RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerabilities, also known as 'Heap Inspection vulnerabilities'.
network
low complexity
dell emc CWE-459
4.0
2019-09-30 CVE-2019-3732 Information Exposure Through Discrepancy vulnerability in multiple products
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x), versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x), are vulnerable to an Information Exposure Through Timing Discrepancy.
network
low complexity
dell emc CWE-203
5.0
2019-03-13 CVE-2019-3711 RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability.
network
low complexity
emc rsa
4.0