Vulnerabilities > EMC > Data Protection Advisor
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-16 | CVE-2017-8013 | Use of Hard-coded Credentials vulnerability in EMC Data Protection Advisor 6.3.0/6.4.0 EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. | 7.5 |
| 2018-03-12 | CVE-2018-1206 | Use of Hard-coded Credentials vulnerability in EMC Data Protection Advisor 6.3.0/6.4.0 Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. | 7.2 |
| 2017-10-19 | CVE-2017-10955 | Improper Input Validation vulnerability in EMC Data Protection Advisor 6.3.0 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. | 8.8 |
| 2017-07-09 | CVE-2017-8003 | Path Traversal vulnerability in EMC Data Protection Advisor EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. | 6.8 |
| 2017-07-09 | CVE-2017-8002 | SQL Injection vulnerability in EMC Data Protection Advisor EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. | 6.5 |
| 2012-12-26 | CVE-2012-4616 | Path Traversal vulnerability in EMC Data Protection Advisor 5.6/5.7/5.8 Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2012-04-20 | CVE-2012-0407 | Numeric Errors vulnerability in EMC Data Protection Advisor Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field. | 5.0 |
| 2012-04-20 | CVE-2012-0406 | Permissions, Privileges, and Access Controls vulnerability in EMC Data Protection Advisor The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password. | 7.8 |
| 2011-08-01 | CVE-2011-1742 | Credentials Management vulnerability in EMC Data Protection Advisor EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file. | 2.1 |