Vulnerabilities > EMC
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-09-05 | CVE-2013-3277 | Improper Input Validation vulnerability in EMC RSA Archer Egrc Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2013-09-05 | CVE-2013-3276 | Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account. | 6.0 |
2013-08-28 | CVE-2013-3271 | Credentials Management vulnerability in EMC RSA Authentication Agent 7.0.0/7.0.1/7.0.2 EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack. | 5.0 |
2013-07-31 | CVE-2013-0943 | Information Exposure vulnerability in EMC Networker EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin. | 4.6 |
2013-07-19 | CVE-2013-3275 | Improper Input Validation vulnerability in EMC Avamar Server and Avamar Server Virtual Edition EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities." | 4.3 |
2013-07-19 | CVE-2013-3274 | Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server and Avamar Server Virtual Edition EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | 9.0 |
2013-07-08 | CVE-2013-3273 | Credentials Management vulnerability in multiple products EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file. | 2.1 |
2013-07-08 | CVE-2013-3272 | Credentials Management vulnerability in EMC Replication Manager EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack. | 2.1 |
2013-05-22 | CVE-2013-0942 | Cross-Site Scripting vulnerability in EMC RSA Authentication Agent 7.1 Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-05-20 | CVE-2013-3270 | Permissions, Privileges, and Access Controls vulnerability in EMC Celerra Control Station and VNX Control Station EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership. | 6.8 |