Vulnerabilities > EMC > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-09-28 | CVE-2018-11073 | Cross-site Scripting vulnerability in multiple products | RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. | 4.8 |
2018-07-13 | CVE-2018-1255 | Cross-site Scripting vulnerability in EMC RSA Identity Governance and Lifecycle 7.0.1/7.0.2/7.1.0 | RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contain a reflected cross-site scripting vulnerability. | 6.1 |
2018-06-21 | CVE-2018-1254 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager 8.0/8.3 | RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. | 6.1 |
2018-06-21 | CVE-2018-1253 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager | RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. | 6.1 |
2018-05-29 | CVE-2018-1242 | OS Command Injection vulnerability in EMC RecoverPoint and RecoverPoint for Virtual Machines | Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3 contain a command injection vulnerability in the Boxmgmt CLI. | 6.5 |
2018-03-08 | CVE-2018-1220 | Open Redirect vulnerability in EMC RSA Archer | EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. | 6.1 |
2018-03-08 | CVE-2018-1219 | Unspecified vulnerability in EMC RSA Archer | EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. | 4.3 |
2018-01-25 | CVE-2017-15546 | SQL Injection vulnerability in EMC RSA Authentication Manager | The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. | 4.3 |
2017-12-20 | CVE-2017-14387 | Unspecified vulnerability in EMC Isilon OneFS | The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. | 6.5 |
2017-12-13 | CVE-2017-14380 | Improper Privilege Management vulnerability in EMC Isilon OneFS | In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. | 6.7 |