VYPR

Secure Remote Services

by EMC Corporation

CVEs (9)

  • CVE-2017-4986MedJun 14, 2017
    risk 0.35cvss 5.3epss 0.02

    EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system.

  • CVE-2015-6852MedDec 28, 2015
    risk 0.28cvss 4.3epss 0.02

    Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.

  • CVE-2018-11079Oct 18, 2018
    risk 0.00cvss epss 0.00

    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed…

  • CVE-2018-15765Oct 18, 2018
    risk 0.00cvss epss 0.00

    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious…

  • CVE-2018-11080Oct 18, 2018
    risk 0.00cvss epss 0.00

    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents…

  • CVE-2015-0544Jul 5, 2015
    risk 0.00cvss epss 0.03

    EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.

  • CVE-2015-0543Jul 5, 2015
    risk 0.00cvss epss 0.01

    EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2015-0525Mar 12, 2015
    risk 0.00cvss epss 0.04

    The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2015-0524Mar 12, 2015
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.