Vulnerabilities > EMC
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-03 | CVE-2016-0894 | 7PK - Security Features vulnerability in EMC RSA Data Loss Prevention EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. | 6.3 |
| 2016-05-03 | CVE-2016-0893 | Information Exposure vulnerability in EMC RSA Data Loss Prevention EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. | 4.3 |
| 2016-05-03 | CVE-2016-0892 | Cross-site Scripting vulnerability in EMC RSA Data Loss Prevention Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-04-20 | CVE-2016-0891 | Cross-Site Request Forgery (CSRF) vulnerability in EMC Vipr SRM 3.6.0/3.6.4 Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators. | 8.8 |
| 2016-04-07 | CVE-2016-0888 | Unspecified vulnerability in EMC Documentum D2 EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors. | 8.8 |
| 2016-03-09 | CVE-2016-0886 | Information Exposure vulnerability in EMC Documentum XCP 2.1/2.2 EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. | 4.3 |
| 2016-02-12 | CVE-2016-0882 | Unspecified vulnerability in EMC Documentum XCP 2.1/2.2 EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.4 |
| 2016-02-12 | CVE-2016-0881 | Injection vulnerability in EMC Documentum XCP 2.1/2.2 EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request. | 6.5 |
| 2015-12-28 | CVE-2015-6852 | Information Exposure vulnerability in EMC Secure Remote Services 3.0/3.02/3.03 Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. | 4.3 |
| 2015-12-28 | CVE-2015-6850 | Permissions, Privileges, and Access Controls vulnerability in EMC Vplex Geosynchrony 5.4/5.5 EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | 8.4 |