Vulnerabilities > EMC

DATE CVE VULNERABILITY TITLE RISK
2013-05-10 CVE-2013-0946 Buffer Errors vulnerability in EMC Alphastor 4.0
Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands.
network
emc CWE-119
critical
9.3
2013-05-10 CVE-2013-0939 Improper Input Validation vulnerability in EMC products
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue.
network
emc CWE-20
5.8
2013-05-10 CVE-2013-0938 Cross-Site Scripting vulnerability in EMC products
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3
2013-05-10 CVE-2013-0937 Improper Authentication vulnerability in EMC products
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors.
network
emc CWE-287
5.8
2013-05-07 CVE-2013-0934 Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors.
network
low complexity
emc CWE-264
4.0
2013-05-07 CVE-2013-0933 Cross-Site Scripting vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3
2013-05-07 CVE-2013-0932 Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors.
network
low complexity
emc CWE-264
4.0
2013-05-03 CVE-2013-0945 Improper Input Validation vulnerability in EMC Avamar
EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network
emc CWE-20
critical
9.3
2013-05-03 CVE-2013-0944 Information Exposure vulnerability in EMC Avamar
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.
network
emc CWE-200
3.5
2013-05-03 CVE-2013-0940 Permissions, Privileges, and Access Controls vulnerability in EMC Networker
The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
local
low complexity
emc CWE-264
7.2