Vulnerabilities (CVE)

Filtered by vendor Emc Subscribe
Total 416 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2276 1 Emc 1 Connectrix Manager 2024-11-21 5.0 MEDIUM N/A
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.
CVE-2014-0646 1 Emc 1 Rsa Access Manager 2024-11-21 6.9 MEDIUM N/A
The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files.
CVE-2014-0645 1 Emc 4 Cloud Tiering Appliance, Cloud Tiering Appliance Software, File Management Appliance and 1 more 2024-11-21 4.7 MEDIUM N/A
EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.
CVE-2014-0644 1 Emc 2 Cloud Tiering Appliance, Cloud Tiering Appliance Software 2024-11-21 7.8 HIGH N/A
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
CVE-2014-0643 1 Emc 2 Rsa Netwitness, Rsa Security Analytics 2024-11-21 7.6 HIGH N/A
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.
CVE-2014-0642 1 Emc 1 Documentum Content Server 2024-11-21 5.5 MEDIUM N/A
EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors.
CVE-2014-0641 1 Emc 1 Rsa Archer Egrc 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-0640 1 Emc 1 Rsa Archer Egrc 2024-11-21 4.0 MEDIUM N/A
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.
CVE-2014-0639 1 Emc 1 Rsa Archer Egrc 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-0638 1 Emc 1 Rsa Adaptive Authentication On-premise 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue.
CVE-2014-0637 1 Emc 1 Rsa Adaptive Authentication On-premise 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-0635 1 Emc 1 Vplex Geosynchrony 2024-11-21 7.5 HIGH N/A
Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2014-0634 1 Emc 1 Vplex Geosynchrony 2024-11-21 6.0 MEDIUM N/A
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2014-0633 1 Emc 1 Vplex Geosynchrony 2024-11-21 7.7 HIGH N/A
The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.
CVE-2014-0632 1 Emc 1 Vplex Geosynchrony 2024-11-21 9.0 HIGH N/A
Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2014-0630 1 Emc 1 Documentum Taskspace 2024-11-21 4.0 MEDIUM N/A
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL.
CVE-2014-0629 1 Emc 1 Documentum Taskspace 2024-11-21 8.5 HIGH N/A
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.
CVE-2014-0627 2 Dell, Emc 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j 2024-11-21 5.0 MEDIUM N/A
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
CVE-2014-0626 2 Dell, Emc 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j 2024-11-21 5.0 MEDIUM N/A
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.
CVE-2014-0625 2 Dell, Emc 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j 2024-11-21 5.0 MEDIUM N/A
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.