Vulnerabilities > EMC > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-05 | CVE-2013-3277 | Improper Input Validation vulnerability in EMC RSA Archer Egrc Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
| 2013-09-05 | CVE-2013-3276 | Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account. | 6.0 |
| 2013-08-28 | CVE-2013-3271 | Credentials Management vulnerability in EMC RSA Authentication Agent 7.0.0/7.0.1/7.0.2 EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack. | 5.0 |
| 2013-07-31 | CVE-2013-0943 | Information Exposure vulnerability in EMC Networker EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin. | 4.6 |
| 2013-07-19 | CVE-2013-3275 | Improper Input Validation vulnerability in EMC Avamar Server and Avamar Server Virtual Edition EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities." | 4.3 |
| 2013-05-22 | CVE-2013-0942 | Cross-Site Scripting vulnerability in EMC RSA Authentication Agent 7.1 Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-05-20 | CVE-2013-3270 | Permissions, Privileges, and Access Controls vulnerability in EMC Celerra Control Station and VNX Control Station EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership. | 6.8 |
| 2013-05-10 | CVE-2013-0939 | Improper Input Validation vulnerability in EMC products EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue. | 5.8 |
| 2013-05-10 | CVE-2013-0938 | Cross-Site Scripting vulnerability in EMC products Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-05-10 | CVE-2013-0937 | Improper Authentication vulnerability in EMC products Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors. | 5.8 |