EMC vulnerabilities: High risk

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-32458 Improper Access Control vulnerability in EMC Appsync
Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component.
local
low complexity
emc CWE-284
7.8
2018-09-28 CVE-2018-15764 Unspecified vulnerability in EMC Esrs Policy Manager 6.8
Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services.
network
low complexity
emc
7.5
2018-03-16 CVE-2017-8013 Use of Hard-coded Credentials vulnerability in EMC Data Protection Advisor 6.3.0/6.4.0
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges.
network
low complexity
emc CWE-798
7.5
2018-03-12 CVE-2018-1206 Use of Hard-coded Credentials vulnerability in EMC Data Protection Advisor 6.3.0/6.4.0
Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges.
local
low complexity
emc CWE-798
7.2
2018-03-08 CVE-2018-1182 Improper Privilege Management vulnerability in multiple products
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only).
local
low complexity
emc rsa CWE-269
7.2
2017-12-13 CVE-2017-14380 Improper Privilege Management vulnerability in EMC Isilon Onefs
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode.
local
low complexity
emc CWE-269
7.2
2017-11-29 CVE-2017-14378 Unspecified vulnerability in EMC products
EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability."
network
low complexity
emc
7.5
2017-11-01 CVE-2017-14376 Use of Hard-coded Credentials vulnerability in EMC Appsync 2.0/3.0.0/3.5
EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system.
local
low complexity
emc CWE-798
7.2
2017-10-19 CVE-2017-10955 Improper Input Validation vulnerability in EMC Data Protection Advisor 6.3.0
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0.
network
low complexity
emc CWE-20
8.8
2017-09-12 CVE-2017-8015 SQL Injection vulnerability in EMC Appsync 2.0/3.0.0
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-89
7.5