Vulnerabilities > EMC > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-05-16 | CVE-2014-0643 | Improper Authentication vulnerability in EMC RSA Netwitness and RSA Security Analytics | EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name. | 7.6 |
2014-04-17 | CVE-2014-0644 | Information Exposure vulnerability in EMC products | EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file. | 7.8 |
2014-04-01 | CVE-2014-0635 | Improper Authentication vulnerability in EMC Vplex Geosynchrony | Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. | 7.5 |
2014-04-01 | CVE-2014-0633 | Improper Input Validation vulnerability in EMC Vplex Geosynchrony | The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | 7.7 |
2014-03-06 | CVE-2014-0629 | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Taskspace 6.7 | EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation. | 8.5 |
2013-12-28 | CVE-2013-6182 | Local Privilege Escalation vulnerability in EMC Replication Manager Unquoted File Paths | Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. | 7.2 |
2013-10-25 | CVE-2013-3280 | Permissions, Privileges, and Access Controls vulnerability in EMC RSA Authentication Agent 7.1/7.1.1 | EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash. | 7.5 |
2013-05-03 | CVE-2013-0940 | Permissions, Privileges, and Access Controls vulnerability in EMC Networker | The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. | 7.2 |
2013-02-06 | CVE-2012-2292 | Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite | The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 7.5 |
2013-01-31 | CVE-2013-0930 | Buffer Errors vulnerability in EMC Alphastor 4.0 | Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name. | 7.6 |