Vulnerabilities > EMC

DATE CVE VULNERABILITY TITLE RISK
2018-03-12 CVE-2018-1206 Use of Hard-coded Credentials vulnerability in EMC Data Protection Advisor 6.3.0/6.4.0
Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges.
local
low complexity
emc CWE-798
7.8
2018-03-08 CVE-2018-1220 Open Redirect vulnerability in EMC RSA Archer
EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature.
network
low complexity
emc CWE-601
6.1
2018-03-08 CVE-2018-1219 Unspecified vulnerability in EMC RSA Archer
EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information.
network
low complexity
emc
4.3
2018-03-08 CVE-2018-1182 Improper Privilege Management vulnerability in multiple products
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only).
local
low complexity
emc rsa CWE-269
7.8
2018-01-25 CVE-2017-15546 SQL Injection vulnerability in EMC RSA Authentication Manager
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability.
network
low complexity
emc CWE-89
4.3
2018-01-05 CVE-2017-15550 Path Traversal vulnerability in EMC products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0.
network
low complexity
emc CWE-22
8.8
2018-01-05 CVE-2017-15549 Unrestricted Upload of File with Dangerous Type vulnerability in EMC products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0.
network
low complexity
emc CWE-434
8.8
2018-01-05 CVE-2017-15548 Improper Authentication vulnerability in EMC products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0.
network
low complexity
emc CWE-287
critical
9.8
2017-12-20 CVE-2017-14387 Unspecified vulnerability in EMC Isilon Onefs
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports.
network
low complexity
emc
6.5
2017-12-20 CVE-2017-14385 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Data Domain and Data Domain OS
An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2.
network
low complexity
emc CWE-119
7.5