Vulnerabilities > EMC > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-08-20 | CVE-2014-0640 | Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5: EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. | 4.0 |
2014-07-19 | CVE-2014-2519 | Information Exposure vulnerability in EMC Recoverpoint Appliance 4.1: The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports, or cause a denial of service, by sending packets to many ports. | 5.8 |
2014-07-08 | CVE-2014-2510 | Information Exposure vulnerability in EMC products: The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 6.8 |
2014-07-01 | CVE-2014-2509 | Session Fixation vulnerability in EMC Smarts Network Configuration Manager 9.1/9.2: Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie. | 5.4 |
2014-06-17 | CVE-2013-6078 | Cryptographic Issues vulnerability in EMC RSA Bsafe Toolkits and RSA Data Protection Manager: The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue. | 5.8 |
2014-06-04 | CVE-2014-2502 | Cross-Site Scripting vulnerability in EMC RSA Adaptive Authentication Hosted 11.0: Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-05-25 | CVE-2014-0639 | Cross-Site Scripting vulnerability in EMC RSA Archer Egrc: Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-05-01 | CVE-2014-0646 | Cryptographic Issues vulnerability in EMC RSA Access Manager 6.1/6.2: The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files. | 6.9 |
2014-04-17 | CVE-2014-0645 | Credentials Management vulnerability in EMC products: EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack. | 4.7 |
2014-04-15 | CVE-2014-0642 | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server: EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors. | 5.5 |