Vulnerabilities > EMC > Vipr SRM > 3.6.4

DATE CVE VULNERABILITY TITLE RISK
2016-09-30 CVE-2016-6647 Cross-site Scripting vulnerability in EMC Vipr SRM 3.6.0/3.6.4/4.0
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
3.5
3.5
2016-09-18 CVE-2016-6643 Cross-site Scripting vulnerability in EMC Vipr SRM 3.6.0/3.6.4
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3
4.3
2016-09-18 CVE-2016-6642 Cross-Site Request Forgery (CSRF) vulnerability in EMC Vipr SRM 3.6.0/3.6.4
Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files.
network
emc CWE-352
5.8
5.8
2016-09-18 CVE-2016-6641 Cross-site Scripting vulnerability in EMC Vipr SRM 3.6.0/3.6.4
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
3.5
3.5
2016-09-18 CVE-2016-0922 Improper Authorization vulnerability in EMC Vipr SRM 3.6.0/3.6.4
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.
network
low complexity
emc CWE-285
5.0
5.0
2016-04-20 CVE-2016-0891 Cross-Site Request Forgery (CSRF) vulnerability in EMC Vipr SRM 3.6.0/3.6.4
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.
network
emc CWE-352
6.8
6.8