Vulnerabilities > EMC > Low

DATE CVE VULNERABILITY TITLE RISK
2015-09-26 CVE-2015-4541 Cross-site Scripting vulnerability in EMC RSA Archer GRC 5.5.0/5.5.1/5.5.2
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
3.5
3.5
2015-08-22 CVE-2015-4537 Information Exposure vulnerability in EMC Documentum D2
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.
network
emc CWE-200
3.5
3.5
2015-08-20 CVE-2015-4536 Information Exposure vulnerability in EMC Documentum Content Server 7.0/7.1/7.2
EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file.
network
emc CWE-200
3.5
3.5
2015-07-16 CVE-2015-4528 Cross-site Scripting vulnerability in EMC Documentum Centerstage 1.2
Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
3.5
3.5
2015-07-04 CVE-2015-0551 Cross-site Scripting vulnerability in EMC products
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
3.5
3.5
2015-06-28 CVE-2015-0549 Cross-site Scripting vulnerability in EMC Documentum D2
Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
3.5
3.5
2015-03-24 CVE-2015-0527 Information Exposure vulnerability in EMC Documentum Xcelerated Management System 1.1
EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file.
local
low complexity
emc CWE-200
2.1
2.1
2015-03-12 CVE-2015-0521 Cross-site Scripting vulnerability in EMC RSA Certificate Manager and RSA Registration Manager
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter.
network
emc CWE-79
3.5
3.5
2015-02-14 CVE-2015-0519 Information Exposure vulnerability in EMC Captiva Capture 7.0/7.1
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file.
local
low complexity
emc CWE-200
2.1
2.1
2015-01-21 CVE-2015-0513 Cross-site Scripting vulnerability in EMC Vipr SRM and Watch4Net
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.
network
emc CWE-79
3.5
3.5