Filtered by vendor Emc
Subscribe
Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0633 | 1 Emc | 1 Vplex Geosynchrony | 2025-04-12 | 7.7 HIGH | N/A |
| The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | |||||
| CVE-2014-2514 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | 8.2 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. | |||||
| CVE-2016-6645 | 2 Dell, Emc | 3 Emc Unisphere, Solutions Enabler, Unisphere | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. | |||||
| CVE-2015-0545 | 1 Emc | 1 Unisphere | 2025-04-12 | 10.0 HIGH | N/A |
| EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-4622 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | 7.1 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. | |||||
| CVE-2016-0886 | 1 Emc | 1 Documentum Xcp | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. | |||||
| CVE-2015-6845 | 1 Emc | 1 Sourceone Email Supervisor | 2025-04-12 | 7.5 HIGH | N/A |
| EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. | |||||
| CVE-2014-2506 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | 8.5 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors. | |||||
| CVE-2014-0637 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-0900 | 1 Emc | 1 Rsa Authentication Manager | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. | |||||
| CVE-2014-2517 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-12 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors. | |||||
| CVE-2016-6642 | 1 Emc | 1 Vipr Srm | 2025-04-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. | |||||
| CVE-2014-4637 | 1 Emc | 1 Documentum Wdk | 2025-04-12 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. | |||||
| CVE-2016-6643 | 1 Emc | 1 Vipr Srm | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-0640 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-12 | 4.0 MEDIUM | N/A |
| EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. | |||||
| CVE-2016-0901 | 1 Emc | 1 Rsa Authentication Manager | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900. | |||||
| CVE-2014-4631 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2025-04-12 | 5.0 MEDIUM | N/A |
| RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. | |||||
| CVE-2015-4528 | 1 Emc | 1 Documentum Centerstage | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-0630 | 1 Emc | 1 Documentum Taskspace | 2025-04-12 | 4.0 MEDIUM | N/A |
| EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL. | |||||
| CVE-2014-0635 | 1 Emc | 1 Vplex Geosynchrony | 2025-04-12 | 7.5 HIGH | N/A |
| Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. | |||||