Vulnerabilities > RSA > Envision > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-03-20 | CVE-2012-0403 | Path Traversal vulnerability in RSA Envision 4.0/4.1 Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. | 6.3 |
2012-03-20 | CVE-2012-0401 | SQL Injection vulnerability in RSA Envision 4.0/4.1 Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2012-03-20 | CVE-2012-0399 | Cross-Site Scripting vulnerability in RSA Envision 4.0/4.1 Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-01-27 | CVE-2011-4143 | Information Exposure vulnerability in RSA Envision 4.0/4.1 EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors. | 5.0 |
2011-08-25 | CVE-2011-2737 | Information Exposure vulnerability in RSA Envision RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to read arbitrary files via unspecified vectors, related to an "arbitrary file retrieval vulnerability." | 5.0 |
2011-08-25 | CVE-2011-2736 | Cryptographic Issues vulnerability in RSA Envision 4.0 RSA enVision 4.x before 4 SP4 P3 places cleartext administrative credentials in Task Escalation e-mail messages, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. | 5.0 |
2010-08-10 | CVE-2010-2634 | Unspecified vulnerability in RSA Envision RSA enVision before 3.7 SP1 allows remote authenticated users to cause a denial of service via unspecified vectors. | 4.0 |
2009-08-03 | CVE-2008-6886 | Permissions, Privileges, and Access Controls vulnerability in RSA Envision RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks. | 5.0 |
2007-09-14 | CVE-2007-4900 | Cross-Site Scripting vulnerability in RSA Envision 3.3.6Build0115 Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVision 3.3.6 Build 0115 allows remote attackers to inject arbitrary web script or HTML via the username field. | 4.3 |