Vulnerabilities > EMC

DATE CVE VULNERABILITY TITLE RISK
2017-10-18 CVE-2017-8024 Cross-site Scripting vulnerability in EMC Isilon Onefs
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-79
6.1
2017-10-11 CVE-2017-8025 Improper Input Validation vulnerability in EMC Archer GRC Platform 6.2.0.4
RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability.
local
high complexity
emc CWE-20
7.4
2017-10-11 CVE-2017-8017 Cross-site Scripting vulnerability in EMC Smarts Network Configuration Manager
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-79
6.1
2017-10-11 CVE-2017-8016 Cross-site Scripting vulnerability in EMC Archer GRC Platform 6.2.0.4
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field.
network
low complexity
emc CWE-79
5.4
2017-10-03 CVE-2017-8018 Improper Input Validation vulnerability in EMC Appsync 2.0/3.0.0/3.5
EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-20
7.5
2017-09-12 CVE-2017-8015 SQL Injection vulnerability in EMC Appsync 2.0/3.0.0
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-89
critical
9.8
2017-08-29 CVE-2017-3757 Unquoted Search Path or Element vulnerability in EMC Elan Touchpad Driver 11.4.1.6
An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads).
local
low complexity
emc CWE-428
7.8
2017-07-17 CVE-2017-8006 Improper Authentication vulnerability in EMC RSA Authentication Manager
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN.
network
high complexity
emc CWE-287
5.9
2017-07-17 CVE-2017-8005 Cross-site Scripting vulnerability in multiple products
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities.
network
low complexity
emc rsa CWE-79
5.4
2017-07-17 CVE-2017-8004 Improper Input Validation vulnerability in multiple products
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code.
network
low complexity
emc rsa CWE-20
7.2