Vulnerabilities > EMC

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2017-07-17 | CVE-2017-8000 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager | In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. | network, low complexity, emc, CWE-79, 4.8 |
| 2017-07-09 | CVE-2017-8003 | Path Traversal vulnerability in EMC Data Protection Advisor | EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. | network, low complexity, emc, CWE-22, 4.9 |
| 2017-07-09 | CVE-2017-8002 | SQL Injection vulnerability in EMC Data Protection Advisor | EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. | network, low complexity, emc, CWE-89, 8.8 |
| 2017-07-09 | CVE-2017-4976 | Use of Hard-coded Credentials vulnerability in EMC ESRS Policy Manager 6.7 | EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. | network, low complexity, emc, CWE-798, critical, 9.8 |
| 2017-07-07 | CVE-2017-5002 | Open Redirect vulnerability in EMC RSA Archer eGRC | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. | network, low complexity, emc, CWE-601, 6.1 |
| 2017-07-07 | CVE-2017-5001 | Information Exposure vulnerability in EMC RSA Archer eGRC | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. | network, low complexity, emc, CWE-200, 4.3 |
| 2017-07-07 | CVE-2017-5000 | Information Exposure vulnerability in EMC RSA Archer eGRC | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. | network, low complexity, emc, CWE-200, 4.3 |
| 2017-07-07 | CVE-2017-4999 | Information Exposure vulnerability in EMC RSA Archer eGRC | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. | network, low complexity, emc, CWE-200, 6.5 |
| 2017-07-07 | CVE-2017-4998 | Cross-Site Request Forgery (CSRF) vulnerability in EMC RSA Archer eGRC | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. | network, low complexity, emc, CWE-352, 8.8 |
| 2017-06-21 | CVE-2017-4990 | Unrestricted Upload of File with Dangerous Type vulnerability in EMC Avamar Server | In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | network, low complexity, emc, CWE-434, critical, 9.8 |