Vulnerabilities > EMC > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-17 | CVE-2016-6644 | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum D2 4.5/4.6 EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. | 5.0 |
| 2016-08-22 | CVE-2016-0915 | Permissions, Privileges, and Access Controls vulnerability in EMC Authentication Manager Prime 3.0/3.1 The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability." | 5.5 |
| 2016-07-06 | CVE-2016-0906 | Improper Access Control vulnerability in EMC Avamar The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation. | 6.5 |
| 2016-06-23 | CVE-2016-0914 | Improper Access Control vulnerability in EMC products EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface. | 6.5 |
| 2016-06-10 | CVE-2016-0910 | Permissions, Privileges, and Access Controls vulnerability in EMC Data Domain OS EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. | 4.3 |
| 2016-06-04 | CVE-2016-0908 | Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges. | 6.8 |
| 2016-05-30 | CVE-2016-0907 | 7PK - Security Features vulnerability in EMC Isilon Onefs and Isilonsd Edge Onefs EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115. | 4.3 |
| 2016-05-07 | CVE-2016-0902 | HTTP Response Splitting vulnerability in EMC RSA Authentication Manager 8.1 CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 5.0 |
| 2016-05-07 | CVE-2016-0901 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager 8.1 Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900. | 4.3 |
| 2016-05-07 | CVE-2016-0900 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager 8.1 Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. | 4.3 |