VPlex GeoSynchrony
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6850 | Hig | 0.55 | 8.4 | 0.01 | Dec 28, 2015 | EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | ||
| CVE-2018-11078 | Med | 0.26 | 4.0 | 0.01 | Sep 11, 2018 | Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic. | ||
| CVE-2015-6847 | 0.00 | — | 0.01 | Nov 18, 2015 | The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file. | |||
| CVE-2014-0635 | 0.00 | — | 0.01 | Apr 1, 2014 | Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2014-0634 | 0.00 | — | 0.01 | Apr 1, 2014 | EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||
| CVE-2014-0633 | 0.00 | — | 0.01 | Apr 1, 2014 | The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | |||
| CVE-2014-0632 | 0.00 | — | 0.04 | Apr 1, 2014 | Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||
| CVE-2013-3278 | 0.00 | — | 0.00 | Oct 1, 2013 | EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file. |
- risk 0.55cvss 8.4epss 0.01
EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session.
- risk 0.26cvss 4.0epss 0.01
Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic.
- CVE-2015-6847Nov 18, 2015risk 0.00cvss —epss 0.01
The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file.
- CVE-2014-0635Apr 1, 2014risk 0.00cvss —epss 0.01
Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.
- CVE-2014-0634Apr 1, 2014risk 0.00cvss —epss 0.01
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
- CVE-2014-0633Apr 1, 2014risk 0.00cvss —epss 0.01
The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.
- CVE-2014-0632Apr 1, 2014risk 0.00cvss —epss 0.04
Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors.
- CVE-2013-3278Oct 1, 2013risk 0.00cvss —epss 0.00
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file.