CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

EMC : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-4623 310 2014-10-25 2014-10-27
5.0
None Remote Low Not required Partial None None
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
2 CVE-2014-4193 310 2014-06-17 2014-06-19
5.0
None Remote Low Not required Partial None None
The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755.
3 CVE-2014-4192 310 2014-06-17 2014-06-19
5.0
None Remote Low Not required Partial None None
The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.
4 CVE-2014-4191 310 2014-06-17 2014-06-19
5.0
None Remote Low Not required Partial None None
The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.
5 CVE-2014-2519 16 DoS +Info 2014-07-19 2014-08-04
5.8
None Remote Medium Not required Partial None Partial
The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports, or cause a denial of service, by sending packets to many ports.
6 CVE-2014-2509 2014-06-30 2014-07-24
5.4
None Local Network Medium Not required Partial Partial Partial
Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie.
7 CVE-2014-2505 2014-08-20 2014-08-20
5.4
None Local Network Medium Not required Partial Partial Partial
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.
8 CVE-2014-2276 264 +Info 2014-03-21 2014-04-01
5.0
None Remote Low Not required Partial None None
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.
9 CVE-2014-0642 264 Bypass 2014-04-15 2014-04-16
5.5
None Remote Low Single system Partial Partial None
EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors.
10 CVE-2014-0636 310 2014-04-11 2014-04-14
5.8
None Remote Medium Not required Partial Partial None
EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain.
11 CVE-2014-0628 20 DoS 2014-03-25 2014-03-25
5.0
None Remote Low Not required None None Partial
The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
12 CVE-2014-0627 310 2014-02-17 2014-02-18
5.0
None Remote Low Not required None Partial None
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
13 CVE-2014-0626 310 Bypass 2014-02-17 2014-02-18
5.0
None Remote Low Not required Partial None None
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.
14 CVE-2014-0625 399 DoS 2014-02-17 2014-02-18
5.0
None Remote Low Not required None None Partial
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.
15 CVE-2013-6174 20 2013-11-20 2013-12-08
5.8
None Remote Medium Not required Partial Partial None
Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.
16 CVE-2013-6078 310 2014-06-17 2014-06-19
5.8
None Remote Medium Not required Partial Partial None
The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change.
17 CVE-2013-3279 255 +Info 2013-10-16 2013-10-17
5.0
None Remote Low Not required Partial None None
EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection.
18 CVE-2013-3277 20 2013-09-05 2013-09-18
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
19 CVE-2013-3271 255 2013-08-28 2013-10-07
5.0
None Remote Low Not required Partial None None
EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack.
20 CVE-2013-0939 20 +Info 2013-05-10 2013-05-10
5.8
None Remote Medium Not required Partial Partial None
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue.
21 CVE-2013-0937 287 2013-05-10 2013-05-10
5.8
None Remote Medium Not required Partial Partial None
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors.
22 CVE-2012-4616 22 Dir. Trav. 2012-12-26 2012-12-27
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors.
23 CVE-2012-2283 2012-08-16 2012-08-16
5.5
None Remote Low Single system Partial Partial None
The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before 2.0.18.23122, 2.1.x before 2.1.42.18967, and 3.x before 3.2.3.15290 allow remote authenticated users to read or modify data on arbitrary remote shares via unspecified vectors.
24 CVE-2012-0407 189 1 DoS Overflow 2012-04-20 2012-08-13
5.0
None Remote Low Not required None None Partial
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field.
25 CVE-2011-1744 264 DoS 2011-08-01 2011-09-21
5.8
None Remote Medium Not required Partial None Partial
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site.
26 CVE-2009-3744 DoS 2009-10-22 2009-11-20
5.0
None Remote Low Not required None None Partial
rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote attackers to cause a denial of service via a crafted packet to TCP port 7144.
27 CVE-2008-3288 310 2008-07-24 2009-01-29
5.0
None Remote Low Not required Partial None None
The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords.
28 CVE-2005-3659 DoS 2005-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.
29 CVE-2005-2358 2005-08-16 2008-09-05
5.0
None Remote Low Not required Partial None None
EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbitrary directories via an HTTP request for a directory that ends in a "." (trailing dot).
30 CVE-2005-2357 Dir. Trav. 2005-08-16 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
Total number of vulnerabilities : 30   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.