Vulnerabilities > EMC > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-12-12 CVE-2014-2516 URI Redirection vulnerability in EMC RSA Authentication Manager 8.0/8.1
Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
emc
5.8

2014-12-08 CVE-2014-4631 Improper Authentication vulnerability in EMC RSA Adaptive Authentication On-Premise 6.0.2.1/7.0/7.1
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.
network
low complexity
emc CWE-287
5.0

2014-10-25 CVE-2014-4623 Cryptographic Issues vulnerability in EMC Avamar
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
network
emc CWE-310
4.3

2014-08-20 CVE-2014-2521 Information Exposure vulnerability in EMC Documentum Content Server
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command.
network
emc CWE-200
6.3

2014-08-20 CVE-2014-2520 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.
network
emc CWE-264
6.3

2014-08-20 CVE-2014-2518 Cross-Site Request Forgery (CSRF) vulnerability in EMC products
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.
network
emc CWE-352
6.8

2014-08-20 CVE-2014-2517 Privilege Escalation vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5
Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors.
network
low complexity
emc
6.5

2014-08-20 CVE-2014-2511 Cross-Site Scripting vulnerability in EMC products
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.
network
emc CWE-79
4.3

2014-08-20 CVE-2014-2505 Remote Code Execution vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.
emc
5.4

2014-08-20 CVE-2014-0641 Cross-Site Request Forgery (CSRF) vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
network
emc CWE-352
6.8