Vulnerabilities > EMC > Low

DATE CVE VULNERABILITY TITLE RISK
2014-10-25 CVE-2014-4620 Information Exposure vulnerability in multiple products
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.
local
low complexity
meditech emc CWE-200
2.1
2014-07-01 CVE-2014-2512 Cross-Site Scripting vulnerability in EMC Documentum Eroom 7.4.3/7.4.4
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
3.5
2014-03-06 CVE-2014-0624 Unspecified vulnerability in EMC RSA Data Loss Prevention 9.0/9.5/9.6
EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors.
low complexity
emc
2.7
2013-12-28 CVE-2013-6181 Cryptographic Issues vulnerability in EMC Watch4Net 6.0/6.1/6.2
EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges.
local
low complexity
emc CWE-310
2.1
2013-11-21 CVE-2013-6177 Path Traversal vulnerability in EMC Document Sciences Xpression 4.1/4.2/4.5
Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.
network
emc CWE-22
3.5
2013-11-02 CVE-2013-3285 Cryptographic Issues vulnerability in EMC Networker
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.
network
emc CWE-310
3.5
2013-07-08 CVE-2013-3272 Credentials Management vulnerability in EMC Replication Manager
EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack.
local
low complexity
emc CWE-255
2.1
2013-07-08 CVE-2013-3273 Credentials Management vulnerability in multiple products
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file.
local
low complexity
emc rsa CWE-255
2.1
2013-05-03 CVE-2013-0944 Information Exposure vulnerability in EMC Avamar
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.
network
emc CWE-200
3.5
2012-11-27 CVE-2012-4615 Cryptographic Issues vulnerability in EMC IT Operations Intelligence 9.0
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors.
local
low complexity
emc CWE-310
2.1