VYPR

Vipr Srm

by EMC Corporation

CVEs (10)

  • CVE-2016-0922CriSep 18, 2016
    risk 0.64cvss 9.8epss 0.01

    EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.

  • CVE-2016-0891HigApr 20, 2016
    risk 0.60cvss 8.8epss 0.04

    Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.

  • CVE-2016-6641HigSep 18, 2016
    risk 0.49cvss 7.6epss 0.01

    Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-6643MedSep 18, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-6642MedSep 18, 2016
    risk 0.40cvss 6.1epss 0.00

    Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files.

  • CVE-2016-6647MedSep 30, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-0516Jan 21, 2015
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.

  • CVE-2015-0514Jan 21, 2015
    risk 0.04cvss epss 0.08

    EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.

  • CVE-2015-0515Jan 21, 2015
    risk 0.00cvss epss 0.03

    Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file.

  • CVE-2015-0513Jan 21, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted…