Vulnerabilities > EMC

DATE CVE VULNERABILITY TITLE RISK

2014-04-01 CVE-2014-0635 Improper Authentication vulnerability in EMC Vplex Geosynchrony
Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.
network | emc CWE-287 | 7.5

2014-04-01 CVE-2014-0634 Improper Input Validation vulnerability in EMC Vplex Geosynchrony
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
network | emc CWE-20 | 6.0

2014-04-01 CVE-2014-0633 Improper Input Validation vulnerability in EMC Vplex Geosynchrony
The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.
low complexity | emc CWE-20 | 7.7

2014-04-01 CVE-2014-0632 Path Traversal vulnerability in EMC Vplex Geosynchrony
Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors.
network | low complexity | emc CWE-22 | critical | 9.0

2014-03-27 CVE-2014-0623 Cross-Site Scripting vulnerability in EMC RSA Authentication Manager 7.1
Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" issue.
network | emc CWE-79 | 4.3

2014-03-21 CVE-2014-2276 Permissions, Privileges, and Access Controls vulnerability in EMC Connectrix Manager 11.2.1/12.0.1/12.0.3
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.
network | low complexity | emc CWE-264 | 5.0

2014-03-06 CVE-2014-0630 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Taskspace 6.7
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL.
network | low complexity | emc CWE-264 | 4.0

2014-03-06 CVE-2014-0629 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Taskspace 6.7
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.
network | emc CWE-264 | 8.5

2014-03-06 CVE-2014-0624 Unspecified vulnerability in EMC RSA Data Loss Prevention 9.0/9.5/9.6
EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors.
low complexity | emc | 2.7

2014-02-18 CVE-2014-0627 Cryptographic Issues vulnerability in multiple products
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
network | low complexity | emc dell CWE-310 | 5.0