Vulnerabilities > EMC > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-10-18 | CVE-2015-6844 | Cross-site Scripting vulnerability in EMC SourceOne Email Supervisor: Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-10-18 | CVE-2015-6843 | Information Exposure vulnerability in EMC SourceOne Email Supervisor: Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach. | 5.0 |
2015-09-26 | CVE-2015-4543 | Information Exposure vulnerability in EMC RSA Archer GRC 5.5.0/5.5.1/5.5.2: EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields. | 4.0 |
2015-09-26 | CVE-2015-4542 | Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer GRC 5.5.0/5.5.1/5.5.2: EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. | 6.5 |
2015-09-26 | CVE-2015-4539 | Cross-site Scripting vulnerability in EMC RSA Identity Management and Governance: Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-08-20 | CVE-2015-4530 | Cross-Site Request Forgery (CSRF) vulnerability in EMC products: Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2015-08-20 | CVE-2015-0542 | Cross-Site Request Forgery (CSRF) vulnerability in EMC RSA Archer Egrc 5.5: Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2015-07-16 | CVE-2015-4529 | Open Redirection vulnerability in Multiple EMC Documentum Products: Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | 5.8 |
2015-07-05 | CVE-2015-0543 | Improper Input Validation vulnerability in EMC Secure Remote Services 3.02/3.03/3.04: EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2015-07-04 | CVE-2015-4524 | Unrestricted Upload of File with Dangerous Type vulnerability in EMC products: Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server. | 6.5 |