Vulnerabilities > EMC > High

DATE CVE VULNERABILITY TITLE RISK
2016-08-22 CVE-2016-0915 Permissions, Privileges, and Access Controls vulnerability in EMC Authentication Manager Prime 3.0/3.1
The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability."
network
low complexity
emc CWE-264
8.1
8.1
2016-07-06 CVE-2016-0906 Improper Access Control vulnerability in EMC Avamar
The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.
network
low complexity
emc CWE-284
8.8
8.8
2016-06-10 CVE-2016-0910 Permissions, Privileges, and Access Controls vulnerability in EMC Data Domain OS 5.5.3.3/5.6.1.0/5.7.1.0
EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors.
local
low complexity
emc CWE-264
8.8
8.8
2016-04-20 CVE-2016-0891 Cross-Site Request Forgery (CSRF) vulnerability in EMC Vipr SRM 3.6.0/3.6.4
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.
network
low complexity
emc CWE-352
8.8
8.8
2016-04-07 CVE-2016-0888 Unspecified vulnerability in EMC Documentum D2
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.
network
low complexity
emc
8.8
8.8
2015-12-28 CVE-2015-6850 Permissions, Privileges, and Access Controls vulnerability in EMC Vplex Geosynchrony 5.4/5.5
EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session.
local
low complexity
emc CWE-264
8.4
8.4
2015-12-21 CVE-2015-4545 Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs
EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.
network
low complexity
emc CWE-264
8.0
8.0