Vulnerabilities > EMC

DATE CVE VULNERABILITY TITLE RISK
2012-03-15 CVE-2012-0398 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum eRoom
EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors.
network
low complexity
emc CWE-264
7.5
2012-02-06 CVE-2012-0396 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum xPlore 1.0/1.1/1.2
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search.
network
low complexity
emc CWE-264
4.0
2012-02-02 CVE-2011-4144 Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveraging system administrator privileges.
local
low complexity
emc centos
6.8
2012-01-27 CVE-2012-0395 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in EMC NetWorker
Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
network
emc CWE-119
critical
9.3
2012-01-19 CVE-2011-4142 Credentials Management vulnerability in EMC SourceOne Email Management
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.
local
low complexity
emc CWE-255
2.1
2011-12-14 CVE-2011-2742 Permissions, Privileges, and Access Controls vulnerability in EMC RSA Adaptive Authentication On-Premise 6.0.2.1
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application restrictions via a mobile device.
network
emc CWE-264
6.8
2011-12-14 CVE-2011-2741 Permissions, Privileges, and Access Controls vulnerability in EMC RSA Adaptive Authentication On-Premise 6.0.2.1
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements."
network
emc CWE-264
6.8
2011-11-09 CVE-2011-2740 Permissions, Privileges, and Access Controls vulnerability in EMC RSA Key Manager Appliance 2.7
EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.
network
emc mozilla CWE-264
critical
9.3
2011-11-09 CVE-2011-2739 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum eRoom
The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file.
network
emc CWE-264
8.5
2011-09-19 CVE-2011-2738 Remote Code Execution vulnerability in Multiple Cisco Products
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.
network
low complexity
cisco emc
critical
10.0