Vulnerabilities > EMC > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-07-04 | CVE-2015-0548 | Improper Input Validation vulnerability in EMC Documentum D2 4.1/4.2/4.5 The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. | 4.0 |
| 2015-07-04 | CVE-2015-0547 | Improper Input Validation vulnerability in EMC Documentum D2 4.1/4.2/4.5 The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. | 4.0 |
| 2015-06-22 | CVE-2015-0526 | Cross-site Scripting vulnerability in EMC RSA Validation Manager Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter. | 4.3 |
| 2015-05-25 | CVE-2015-0540 | SQL Injection vulnerability in EMC Document Sciences Xpression 4.2/4.5 SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
| 2015-05-07 | CVE-2015-0531 | Improper Access Control vulnerability in EMC Sourceone Email Management 7.1 EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 5.0 |
| 2015-04-05 | CVE-2015-0529 | Credentials Management vulnerability in EMC Powerpath Virtual Appliance 1.2 EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session. | 5.0 |
| 2015-03-12 | CVE-2015-0522 | Cross-site Scripting vulnerability in EMC RSA Certificate Manager and RSA Registration Manager Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter. | 4.3 |
| 2015-02-14 | CVE-2015-0517 | Information Exposure vulnerability in EMC Documentum D2 The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file. | 4.0 |
| 2015-02-02 | CVE-2015-0512 | Open Redirection vulnerability in EMC Unisphere Central 3.5.0 Open redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. network emc | 5.8 |
| 2015-01-21 | CVE-2015-0516 | Path Traversal vulnerability in EMC Vipr SRM and Watch4Net Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. | 4.0 |