Vulnerabilities > EMC
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-13 | CVE-2017-14380 | Improper Privilege Management vulnerability in EMC Isilon Onefs In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. | 7.2 |
| 2017-11-29 | CVE-2017-14378 | Unspecified vulnerability in EMC products EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability." | 7.5 |
| 2017-11-28 | CVE-2017-8020 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Scaleio An issue was discovered in EMC ScaleIO 2.0.1.x. | 10.0 |
| 2017-11-28 | CVE-2017-8019 | Improper Input Validation vulnerability in EMC Scaleio An issue was discovered in EMC ScaleIO 2.0.1.x. | 5.0 |
| 2017-11-28 | CVE-2017-14379 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager 8.1 EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 3.5 |
| 2017-11-01 | CVE-2017-14376 | Use of Hard-coded Credentials vulnerability in EMC Appsync 2.0/3.0.0/3.5 EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. | 7.2 |
| 2017-11-01 | CVE-2017-14375 | Authentication Bypass by Spoofing vulnerability in multiple products EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. | 10.0 |
| 2017-10-31 | CVE-2017-14373 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager 8.1/8.2 EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 4.3 |
| 2017-10-19 | CVE-2017-10955 | Improper Input Validation vulnerability in EMC Data Protection Advisor 6.3.0 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. | 8.8 |
| 2017-10-18 | CVE-2017-8022 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Networker An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). | 6.8 |