Vulnerabilities > EMC > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-07 | CVE-2016-0901 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager 7.1/8.0/8.1 Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900. | 6.1 |
| 2016-05-07 | CVE-2016-0900 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager 7.1/8.0/8.1 Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. | 6.1 |
| 2016-05-03 | CVE-2016-0895 | Improper Input Validation vulnerability in EMC RSA Data Loss Prevention EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. | 4.3 |
| 2016-05-03 | CVE-2016-0894 | 7PK - Security Features vulnerability in EMC RSA Data Loss Prevention EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. | 6.3 |
| 2016-05-03 | CVE-2016-0893 | Information Exposure vulnerability in EMC RSA Data Loss Prevention EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. | 4.3 |
| 2016-05-03 | CVE-2016-0892 | Cross-site Scripting vulnerability in EMC RSA Data Loss Prevention Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-03-09 | CVE-2016-0886 | Information Exposure vulnerability in EMC Documentum XCP 2.1/2.2 EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. | 4.3 |
| 2016-02-12 | CVE-2016-0882 | Unspecified vulnerability in EMC Documentum XCP 2.1/2.2 EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.4 |
| 2016-02-12 | CVE-2016-0881 | Injection vulnerability in EMC Documentum XCP 2.1/2.2 EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request. | 6.5 |
| 2015-12-28 | CVE-2015-6852 | Information Exposure vulnerability in EMC Secure Remote Services 3.0/3.02/3.03 Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. | 4.3 |