Vulnerabilities > EMC
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-09-21 | CVE-2016-0905 | Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server: Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. | 6.7 |
2016-09-21 | CVE-2016-0904 | Information Exposure vulnerability in EMC Avamar Server: Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation. | 8.6 |
2016-09-21 | CVE-2016-0903 | Information Exposure vulnerability in EMC Avamar Server: Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent. | 9.1 |
2016-09-18 | CVE-2016-6643 | Cross-site Scripting vulnerability in EMC ViPR SRM 3.6.0/3.6.4/3.7.1: Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2016-09-18 | CVE-2016-6642 | Cross-Site Request Forgery (CSRF) vulnerability in EMC ViPR SRM 3.6.0/3.6.4/3.7.1: Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. | 6.1 |
2016-09-18 | CVE-2016-6641 | Cross-site Scripting vulnerability in EMC ViPR SRM 3.6.0/3.6.4/3.7.1: Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 7.6 |
2016-09-18 | CVE-2016-0922 | Improper Authorization vulnerability in EMC ViPR SRM 3.6.0/3.6.4/3.7.1: EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack. | 9.8 |
2016-09-17 | CVE-2016-6644 | Information Exposure vulnerability in EMC Documentum D2 4.5/4.6: EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. | 5.3 |
2016-08-22 | CVE-2016-0915 | Permissions, Privileges, and Access Controls vulnerability in EMC Authentication Manager Prime 3.0/3.1: The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability." | 8.1 |
2016-07-06 | CVE-2016-0906 | Improper Access Control vulnerability in EMC Avamar: The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation. | 8.8 |