Emc: Security Vulnerabilities
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.018
Published
2015-03-12
SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2015-03-12
EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header.
CVSS Score
7.8
EPSS Score
0.013
Published
2015-03-12
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter.
CVSS Score
4.3
EPSS Score
0.001
Published
2015-03-12
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter.
CVSS Score
3.5
EPSS Score
0.001
Published
2015-03-12
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-02-14
The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.
CVSS Score
9.0
EPSS Score
0.012
Published
2015-02-14
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.
CVSS Score
4.0
EPSS Score
0.002
Published
2015-02-14
Open redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.
CVSS Score
5.8
EPSS Score
0.003
Published
2015-02-02
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.
CVSS Score
4.0
EPSS Score
0.214
Published
2015-01-21