EMC EMC IT Solutions

Do you want an email whenever new security vulnerabilities are reported in any EMC product?

Products by EMC Sorted by Most Security Vulnerabilities since 2018

EMC Rsa Authentication Manager11 vulnerabilities

EMC Rsa Bsafe11 vulnerabilities

EMC Recoverpoint6 vulnerabilities

EMC Rsa Bsafe Crypto C6 vulnerabilities

EMC Rsa Bsafe Ssl J3 vulnerabilities

EMC Secure Remote Services2 vulnerabilities

EMC Rsa Archer2 vulnerabilities

EMC Vipr Controller1 vulnerability

EMC Rsa Netwitness1 vulnerability

EMC Rsa Bsafe Crypto J1 vulnerability

EMC Isilonsd Edge1 vulnerability

EMC Isilon Onefs1 vulnerability

EMC Esrs Policy Manager1 vulnerability

By the Year

In 2021 there have been 0 vulnerabilities in EMC . Last year EMC had 4 security vulnerabilities published. Right now, EMC is on track to have less security vulnerabilities in 2021 than it did last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 4 5.23
2019 8 6.16
2018 34 6.96

It may take a day or so for new EMC vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest EMC Security Vulnerabilities

RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console

CVE-2020-5346 4.8 - Medium - April 15, 2020

RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser.

XSS

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console

CVE-2020-5340 4.8 - Medium - March 26, 2020

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.

XSS

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console

CVE-2020-5339 4.8 - Medium - March 26, 2020

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.

XSS

RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability

CVE-2019-3768 6.5 - Medium - January 03, 2020

RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying specially crafted XML message.

XXE

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console

CVE-2019-18574 4.8 - Medium - December 03, 2019

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.

XSS

RSA BSAFE Crypto-C Micro Edition

CVE-2019-3733 4.9 - Medium - September 30, 2019

RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

Information Disclosure

RSA BSAFE Crypto-C Micro Edition

CVE-2019-3732 7.5 - High - September 30, 2019

RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

Side Channel Attack

RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy

CVE-2019-3731 7.5 - High - September 30, 2019

RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

Side Channel Attack

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x)

CVE-2019-3730 7.5 - High - September 30, 2019

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a padding oracle attack vulnerability. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

Generation of Error Message Containing Sensitive Information

RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x

CVE-2019-3729 2.4 - Low - September 30, 2019

RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system.

Classic Buffer Overflow

RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x

CVE-2019-3728 7.5 - High - September 30, 2019

RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.

Out-of-bounds Read

RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability

CVE-2019-3711 7.2 - High - March 13, 2019

RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks.

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue

CVE-2018-15769 7.5 - High - November 16, 2018

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability

CVE-2018-15771 5.5 - Medium - November 13, 2018

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI.

Information Disclosure

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability

CVE-2018-11079 7.8 - High - October 18, 2018

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database.

Insufficiently Protected Credentials

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities

CVE-2018-11080 7.8 - High - October 18, 2018

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges.

Incorrect Permission Assignment for Critical Resource

RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page

CVE-2018-11075 4.7 - Medium - September 28, 2018

RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application.

XSS

RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability

CVE-2018-11074 6.1 - Medium - September 28, 2018

RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application.

XSS

RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console

CVE-2018-11073 4.8 - Medium - September 28, 2018

RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.

XSS

Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services

CVE-2018-15764 9.8 - Critical - September 28, 2018

Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM.

Dell EMC Isilon OneFS versions 7.1.1.x

CVE-2018-11071 7.5 - High - September 18, 2018

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.

Improper Input Validation

RSA BSAFE Micro Edition Suite

CVE-2018-11058 9.8 - Critical - September 14, 2018

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.

Out-of-bounds Read

RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations

CVE-2018-11070 5.9 - Medium - September 11, 2018

RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.

Use of a Broken or Risky Cryptographic Algorithm

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption

CVE-2018-11069 5.9 - Medium - September 11, 2018

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.

Use of a Broken or Risky Cryptographic Algorithm

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability

CVE-2018-11068 4.6 - Medium - September 11, 2018

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.

Insufficient Cleanup

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability

CVE-2018-11054 7.5 - High - August 31, 2018

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.

Integer Overflow or Wraparound

RSA BSAFE Micro Edition Suite

CVE-2018-11057 5.9 - Medium - August 31, 2018

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.

Use of a Broken or Risky Cryptographic Algorithm

RSA BSAFE Micro Edition Suite

CVE-2018-11056 6.5 - Medium - August 31, 2018

RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.

Resource Exhaustion

RSA BSAFE Micro Edition Suite

CVE-2018-11055 5.5 - Medium - August 31, 2018

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.

Improper Resource Shutdown or Release

RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product

CVE-2018-11061 9.1 - Critical - August 24, 2018

RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability

CVE-2018-1255 6.1 - Medium - July 13, 2018

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.

XSS

RSA Identity Lifecycle and Governance versions 7.0.1

CVE-2018-1245 8.8 - High - July 13, 2018

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.

AuthZ

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability

CVE-2018-11049 7.3 - High - July 11, 2018

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.

DLL preloading

RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server

CVE-2018-11051 7.5 - High - July 03, 2018

RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

Directory traversal

RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability

CVE-2018-1253 6.1 - Medium - June 21, 2018

RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.

XSS

RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability

CVE-2018-1254 6.1 - Medium - June 21, 2018

RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.

XSS

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability

CVE-2018-1235 9.8 - Critical - May 29, 2018

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.

Shell injection

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3

CVE-2018-1241 8.8 - High - May 29, 2018

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.

Insertion of Sensitive Information into Log File

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3

CVE-2018-1242 6.5 - Medium - May 29, 2018

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.

Shell injection

Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP

CVE-2018-1240 8 - High - April 18, 2018

Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.

Information Disclosure

Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges

CVE-2018-1206 7.8 - High - March 12, 2018

Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account.

Use of Hard-coded Credentials

EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature

CVE-2018-1220 6.1 - Medium - March 08, 2018

EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users.

Open Redirect

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1

CVE-2018-1182 7.8 - High - March 08, 2018

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges.

Improper Privilege Management

EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API

CVE-2018-1219 4.3 - Medium - March 08, 2018

EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may use this information in subsequent attacks.

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1

CVE-2018-1184 6.7 - Medium - February 03, 2018

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.

Shell injection

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1

CVE-2018-1185 6.7 - Medium - February 03, 2018

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

Shell injection

The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871

CVE-2016-0915 8.1 - High - August 22, 2016

The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability."

Permissions, Privileges, and Access Controls

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.