Vulnerabilities > EMC > Secure Remote Services > 3.03

DATE CVE VULNERABILITY TITLE RISK
2018-10-18 CVE-2018-11080 Incorrect Permission Assignment for Critical Resource vulnerability in EMC Secure Remote Services 3.0/3.02/3.03
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities.
local
low complexity
emc CWE-732
4.6
4.6
2018-10-18 CVE-2018-11079 Insufficiently Protected Credentials vulnerability in EMC Secure Remote Services 3.0/3.02/3.03
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability.
local
low complexity
emc CWE-522
2.1
2.1
2015-12-28 CVE-2015-6852 Information Exposure vulnerability in EMC Secure Remote Services 3.0/3.02/3.03
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.
network
low complexity
emc CWE-200
4.0
4.0
2015-07-05 CVE-2015-0544 Session Cookie Generation Weakness vulnerability in EMC Secure Remote Services 3.02/3.03/3.04
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.
network
emc
critical
 9.3
9.3
2015-07-05 CVE-2015-0543 Improper Input Validation vulnerability in EMC Secure Remote Services 3.02/3.03/3.04
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
emc CWE-20
5.8
5.8
2015-03-12 CVE-2015-0525 OS Command Injection vulnerability in EMC Secure Remote Services 3.02/3.03
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
network
low complexity
emc CWE-78
7.5
7.5
2015-03-12 CVE-2015-0524 SQL Injection vulnerability in EMC Secure Remote Services 3.02/3.03
SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
emc CWE-89
7.5
7.5