Vulnerabilities > EMC > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-29 | CVE-2017-3757 | Unquoted Search Path or Element vulnerability in EMC Elan Touchpad Driver An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). | 7.2 |
| 2017-07-09 | CVE-2017-4976 | Use of Hard-coded Credentials vulnerability in EMC Esrs Policy Manager EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. | 7.5 |
| 2017-06-21 | CVE-2017-4990 | Unrestricted Upload of File with Dangerous Type vulnerability in EMC Avamar Server In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | 7.5 |
| 2017-06-21 | CVE-2017-4989 | Improper Authentication vulnerability in EMC Avamar Server In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. | 7.5 |
| 2017-06-19 | CVE-2017-4985 | Missing Authorization vulnerability in EMC Vnx1 Firmware and Vnx2 Firmware In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. | 7.2 |
| 2017-02-08 | CVE-2017-2765 | Improper Authentication vulnerability in EMC Isilon Insightiq EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system. | 7.5 |
| 2017-02-03 | CVE-2017-2766 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in EMC Documentum Eroom 7.4.4/7.4.5/7.5.0 EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 7.5 |
| 2017-02-03 | CVE-2016-6649 | Command Injection vulnerability in EMC Recoverpoint and Recoverpoint for Virtual Machines EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root. | 7.2 |
| 2017-01-23 | CVE-2016-9870 | LDAP Injection vulnerability in EMC Isilon Onefs EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system. | 7.2 |
| 2016-11-15 | CVE-2016-0909 | Improper Input Validation vulnerability in EMC Avamar Data Store and Avamar Server Virtual Edition EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. | 7.2 |