Vulnerabilities > EMC

DATE CVE VULNERABILITY TITLE RISK
2018-03-08 CVE-2018-1219 Unspecified vulnerability in EMC RSA Archer
EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information.
network
low complexity
emc
4.0
2018-03-08 CVE-2018-1182 Improper Privilege Management vulnerability in multiple products
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only).
local
low complexity
emc rsa CWE-269
7.2
2018-01-25 CVE-2017-15546 SQL Injection vulnerability in EMC RSA Authentication Manager
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability.
network
low complexity
emc CWE-89
4.0
2018-01-05 CVE-2017-15550 Path Traversal vulnerability in EMC products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0.
network
low complexity
emc CWE-22
critical
9.0
2018-01-05 CVE-2017-15549 Unrestricted Upload of File with Dangerous Type vulnerability in EMC products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0.
network
low complexity
emc CWE-434
critical
9.0
2018-01-05 CVE-2017-15548 Improper Authentication vulnerability in EMC products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0.
network
low complexity
emc CWE-287
critical
10.0
2017-12-20 CVE-2017-14387 Unspecified vulnerability in EMC Isilon Onefs
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports.
network
low complexity
emc
6.4
2017-12-20 CVE-2017-14385 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Data Domain and Data Domain OS
An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2.
network
low complexity
emc CWE-119
5.0
2017-12-13 CVE-2017-14380 Improper Privilege Management vulnerability in EMC Isilon Onefs
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode.
local
low complexity
emc CWE-269
7.2
2017-11-29 CVE-2017-14378 Unspecified vulnerability in EMC products
EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability."
network
low complexity
emc
7.5