Vulnerabilities > EMC > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-28 | CVE-2018-15764 | Unspecified vulnerability in EMC Esrs Policy Manager 6.7/6.8 Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. | 9.8 |
| 2018-08-24 | CVE-2018-11061 | Unspecified vulnerability in EMC RSA Netwitness and RSA Security Analytics RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. | 9.1 |
| 2018-05-29 | CVE-2018-1235 | OS Command Injection vulnerability in EMC Recoverpoint and Recoverpoint for Virtual Machines Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. | 9.8 |
| 2018-03-16 | CVE-2017-8013 | Use of Hard-coded Credentials vulnerability in EMC Data Protection Advisor 6.3.0/6.4.0 EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. | 9.8 |
| 2018-01-05 | CVE-2017-15548 | Improper Authentication vulnerability in EMC products An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. | 9.8 |
| 2017-11-29 | CVE-2017-14378 | Unspecified vulnerability in EMC products EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability." | 10.0 |
| 2017-11-28 | CVE-2017-8020 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Scaleio An issue was discovered in EMC ScaleIO 2.0.1.x. | 9.8 |
| 2017-11-01 | CVE-2017-14375 | Authentication Bypass by Spoofing vulnerability in multiple products EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. | 9.8 |
| 2017-09-12 | CVE-2017-8015 | SQL Injection vulnerability in EMC Appsync 2.0/3.0.0 EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 9.8 |
| 2017-07-09 | CVE-2017-4976 | Use of Hard-coded Credentials vulnerability in EMC Esrs Policy Manager 6.7 EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. | 9.8 |