Vulnerabilities > EMC > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-08-20 | CVE-2015-4534 | Improper Input Validation vulnerability in EMC Documentum Content Server: Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter. | 9.0 |
2015-08-20 | CVE-2015-4533 | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server: EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. | 9.0 |
2015-08-20 | CVE-2015-4532 | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server: EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. | 9.0 |
2015-08-20 | CVE-2015-4531 | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server: EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. | 9.0 |
2015-07-05 | CVE-2015-0544 | Session Cookie Generation Weakness vulnerability in EMC Secure Remote Services 3.02/3.03/3.04: EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value. | 9.3 |
2015-07-04 | CVE-2015-4525 | Command Injection vulnerability in EMC Isilon OneFS: The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | 9.0 |
2015-06-29 | CVE-2015-0545 | Remote Code Execution vulnerability in EMC Unisphere for VMAX: EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2015-06-17 | CVE-2015-0546 | Permissions, Privileges, and Access Controls vulnerability in EMC Unified Infrastructure Manager/Provisioning 4.1: EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name. | 10.0 |
2015-05-07 | CVE-2015-0538 | Command Injection vulnerability in EMC AutoStart 5.5.0: ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. | 9.3 |
2015-02-14 | CVE-2015-0518 | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum D2: The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions. | 9.0 |