Vulnerabilities > EMC > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-25 | CVE-2016-8214 | Permission Issues vulnerability in EMC Avamar Data Store and Avamar Virtual Edition EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. | 4.6 |
| 2017-01-23 | CVE-2016-8213 | Cross-site Scripting vulnerability in EMC products EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 4.3 |
| 2017-01-06 | CVE-2016-9867 | Permissions, Privileges, and Access Controls vulnerability in EMC Scaleio An issue was discovered in EMC ScaleIO versions before 2.0.1.1. | 4.6 |
| 2016-09-24 | CVE-2016-0918 | Information Exposure vulnerability in EMC products EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. | 4.0 |
| 2016-09-21 | CVE-2016-0921 | Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132 Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program. | 6.9 |
| 2016-09-21 | CVE-2016-0904 | Information Exposure vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132 Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation. | 5.0 |
| 2016-09-21 | CVE-2016-0903 | Information Exposure vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132 Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent. | 6.4 |
| 2016-09-18 | CVE-2016-6643 | Cross-site Scripting vulnerability in EMC Vipr SRM 3.6.0/3.6.4 Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2016-09-18 | CVE-2016-6642 | Cross-Site Request Forgery (CSRF) vulnerability in EMC Vipr SRM 3.6.0/3.6.4 Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. | 5.8 |
| 2016-09-18 | CVE-2016-0922 | Improper Authorization vulnerability in EMC Vipr SRM 3.6.0/3.6.4 EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack. | 5.0 |