Vulnerabilities > EMC > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-04-04 | CVE-2014-0638 | Cross-Site Scripting vulnerability in EMC RSA Adaptive Authentication On-Premise | Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue. | 4.3 |
2014-04-04 | CVE-2014-0637 | Cross-Site Scripting vulnerability in EMC RSA Adaptive Authentication On-Premise | Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-04-01 | CVE-2014-0634 | Improper Input Validation vulnerability in EMC Vplex Geosynchrony | EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 6.0 |
2014-03-27 | CVE-2014-0623 | Cross-Site Scripting vulnerability in EMC RSA Authentication Manager 7.1 | Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" issue. | 4.3 |
2014-03-21 | CVE-2014-2276 | Permissions, Privileges, and Access Controls vulnerability in EMC Connectrix Manager 11.2.1/12.0.1/12.0.3 | The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file. | 5.0 |
2014-03-06 | CVE-2014-0630 | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Taskspace 6.7 | EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL. | 4.0 |
2014-02-18 | CVE-2014-0627 | Cryptographic Issues vulnerability in multiple products | The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state. | 5.0 |
2014-02-18 | CVE-2014-0626 | Cryptographic Issues vulnerability in multiple products | The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated. | 5.0 |
2014-02-18 | CVE-2014-0625 | Resource Management Errors vulnerability in multiple products | The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered. | 5.0 |
2013-12-19 | CVE-2013-6178 | Cross-Site Scripting vulnerability in EMC RSA Archer Egrc | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |