Vulnerabilities > EMC

DATE CVE VULNERABILITY TITLE RISK
2017-12-13 CVE-2017-14380 Improper Privilege Management vulnerability in EMC Isilon Onefs
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode.
local
low complexity
emc CWE-269
6.7
2017-11-29 CVE-2017-14378 Unspecified vulnerability in EMC products
EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability."
network
low complexity
emc
critical
10.0
2017-11-28 CVE-2017-8020 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Scaleio
An issue was discovered in EMC ScaleIO 2.0.1.x.
network
low complexity
emc CWE-119
critical
9.8
2017-11-28 CVE-2017-8019 Improper Input Validation vulnerability in EMC Scaleio
An issue was discovered in EMC ScaleIO 2.0.1.x.
network
low complexity
emc CWE-20
7.5
2017-11-28 CVE-2017-14379 Cross-site Scripting vulnerability in EMC RSA Authentication Manager
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-79
5.4
2017-11-01 CVE-2017-14376 Use of Hard-coded Credentials vulnerability in EMC Appsync
EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system.
local
low complexity
emc CWE-798
7.8
2017-11-01 CVE-2017-14375 Authentication Bypass by Spoofing vulnerability in multiple products
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc dell CWE-290
critical
9.8
2017-10-31 CVE-2017-14373 Cross-site Scripting vulnerability in EMC RSA Authentication Manager
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-79
6.1
2017-10-19 CVE-2017-10955 Improper Input Validation vulnerability in EMC Data Protection Advisor 6.3.0
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0.
network
low complexity
emc CWE-20
8.8
2017-10-18 CVE-2017-8022 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Networker
An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4).
network
high complexity
emc CWE-119
8.1