Vulnerabilities > RSA > Envision > 4.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-03-20 | CVE-2012-0403 | Path Traversal vulnerability in RSA Envision 4.0/4.1 Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. | 6.3 |
2012-03-20 | CVE-2012-0402 | Credentials Management vulnerability in RSA Envision 4.0/4.1 EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors. | 9.3 |
2012-03-20 | CVE-2012-0401 | SQL Injection vulnerability in RSA Envision 4.0/4.1 Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2012-03-20 | CVE-2012-0400 | Improper Authentication vulnerability in RSA Envision 4.0/4.1 EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 7.9 |
2012-03-20 | CVE-2012-0399 | Cross-Site Scripting vulnerability in RSA Envision 4.0/4.1 Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-01-27 | CVE-2011-4143 | Information Exposure vulnerability in RSA Envision 4.0/4.1 EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors. | 5.0 |
2011-08-25 | CVE-2011-2737 | Information Exposure vulnerability in RSA Envision RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to read arbitrary files via unspecified vectors, related to an "arbitrary file retrieval vulnerability." | 5.0 |
2011-08-25 | CVE-2011-2736 | Cryptographic Issues vulnerability in RSA Envision 4.0 RSA enVision 4.x before 4 SP4 P3 places cleartext administrative credentials in Task Escalation e-mail messages, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. | 5.0 |