Vulnerabilities > EMC
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-18 | CVE-2017-8024 | Cross-site Scripting vulnerability in EMC Isilon Onefs EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system. | 6.1 |
| 2017-10-11 | CVE-2017-8025 | Improper Input Validation vulnerability in EMC Archer GRC Platform 6.2.0.4 RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. | 7.4 |
| 2017-10-11 | CVE-2017-8017 | Cross-site Scripting vulnerability in EMC Smarts Network Configuration Manager EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 6.1 |
| 2017-10-11 | CVE-2017-8016 | Cross-site Scripting vulnerability in EMC Archer GRC Platform 6.2.0.4 RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. | 5.4 |
| 2017-10-03 | CVE-2017-8018 | Improper Input Validation vulnerability in EMC Appsync 2.0/3.0.0/3.5 EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 7.5 |
| 2017-09-12 | CVE-2017-8015 | SQL Injection vulnerability in EMC Appsync 2.0/3.0.0 EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 9.8 |
| 2017-08-29 | CVE-2017-3757 | Unquoted Search Path or Element vulnerability in EMC Elan Touchpad Driver 11.4.1.6 An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). | 7.8 |
| 2017-07-17 | CVE-2017-8006 | Improper Authentication vulnerability in EMC RSA Authentication Manager 8.1 In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. | 5.9 |
| 2017-07-17 | CVE-2017-8005 | Cross-site Scripting vulnerability in multiple products The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. | 5.4 |
| 2017-07-17 | CVE-2017-8004 | Improper Input Validation vulnerability in multiple products The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. | 7.2 |