Vulnerabilities > EMC > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2016-10-05 | CVE-2016-0913 | Improper Input Validation vulnerability in EMC products | The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share. | network | low | emc | CWE-20 | 7.5 |
| 2016-09-21 | CVE-2016-0920 | Command Injection vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132 | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | local | low | emc | CWE-77 | 7.2 |
| 2016-09-21 | CVE-2016-0917 | Permissions, Privileges, and Access Controls vulnerability in EMC products | The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231. | network | low | emc | CWE-264 | 7.5 |
| 2016-09-21 | CVE-2016-0905 | Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132 | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. | local | low | emc | CWE-264 | 7.2 |
| 2015-12-28 | CVE-2015-6850 | Permissions, Privileges, and Access Controls vulnerability in EMC Vplex Geosynchrony 5.4/5.5 | EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | local | low | emc | CWE-264 | 7.2 |
| 2015-12-05 | CVE-2015-6849 | Improper Input Validation vulnerability in EMC Networker | EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages. | network | low | emc | CWE-20 | 7.8 |
| 2015-11-27 | CVE-2015-6848 | Improper Access Control vulnerability in EMC Isilon Onefs | EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors. | network | | emc | CWE-284 | 8.5 |
| 2015-10-18 | CVE-2015-6845 | Unspecified vulnerability in EMC Sourceone Email Supervisor | EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. | network | low | emc | | 7.5 |
| 2015-10-02 | CVE-2015-4546 | Path Traversal vulnerability in EMC RSA Certificate Manager and RSA Onestep | Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. | network | low | emc | CWE-22 | 7.8 |
| 2015-09-04 | CVE-2015-4538 | XML External Entity Injection vulnerability in EMC Atmos 2.2.3/2.3.0 | The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | network | low | emc | | 7.5 |