Vulnerabilities > EMC
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-04 | CVE-2016-0899 | Information Exposure vulnerability in EMC RSA Archer Egrc EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files. | 6.3 |
| 2016-06-23 | CVE-2016-0914 | Improper Access Control vulnerability in EMC products EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface. | 6.3 |
| 2016-06-10 | CVE-2016-0916 | Improper Authentication vulnerability in EMC Networker EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance. | 9.8 |
| 2016-06-10 | CVE-2016-0910 | Permissions, Privileges, and Access Controls vulnerability in EMC Data Domain OS 5.5.3.3/5.6.1.0/5.7.1.0 EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. | 8.8 |
| 2016-06-04 | CVE-2016-0908 | Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges. | 6.7 |
| 2016-05-30 | CVE-2016-0907 | 7PK - Security Features vulnerability in EMC Isilon Onefs and Isilonsd Edge Onefs EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115. | 5.9 |
| 2016-05-07 | CVE-2016-0902 | Unspecified vulnerability in EMC RSA Authentication Manager 7.1/8.0/8.1 CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 5.3 |
| 2016-05-07 | CVE-2016-0901 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager 7.1/8.0/8.1 Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900. | 6.1 |
| 2016-05-07 | CVE-2016-0900 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager 7.1/8.0/8.1 Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. | 6.1 |
| 2016-05-03 | CVE-2016-0895 | Improper Input Validation vulnerability in EMC RSA Data Loss Prevention EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. | 4.3 |