VYPR

Vendor CVEs

EMC Corporation

All CVEs

592 total · sorted by risk
  • CVE-2017-8005MedJul 17, 2017
    risk 0.35cvss 5.4epss 0.01

    The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and…

  • CVE-2017-4986MedJun 14, 2017
    risk 0.35cvss 5.3epss 0.02

    EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system.

  • CVE-2017-5004MedJun 9, 2017
    risk 0.35cvss 5.4epss 0.01

    EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities…

  • CVE-2016-6647MedSep 30, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-0925MedSep 21, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject…

  • CVE-2016-6644MedSep 17, 2016
    risk 0.35cvss 5.3epss 0.02

    EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.

  • CVE-2016-0902MedMay 7, 2016
    risk 0.35cvss 5.3epss 0.02

    CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

  • CVE-2016-0882MedFeb 12, 2016
    risk 0.35cvss 5.4epss 0.02

    EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  • CVE-2018-1202MedMar 26, 2018
    risk 0.34cvss 4.8epss 0.02

    Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject…

  • CVE-2018-1201MedMar 26, 2018
    risk 0.34cvss 4.8epss 0.02

    Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious…

  • CVE-2018-1188MedMar 26, 2018
    risk 0.34cvss 4.8epss 0.02

    Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may…

  • CVE-2018-1187MedMar 26, 2018
    risk 0.34cvss 4.8epss 0.02

    Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject…

  • CVE-2018-1186MedMar 26, 2018
    risk 0.34cvss 4.8epss 0.02

    Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious…

  • CVE-2017-8003MedJul 9, 2017
    risk 0.32cvss 4.9epss 0.03

    EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in…

  • CVE-2025-36597MedFeb 17, 2026
    risk 0.31cvss 4.7epss 0.00

    Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading…

  • CVE-2018-1246MedSep 28, 2018
    risk 0.31cvss 4.7epss 0.01

    Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then…

  • CVE-2017-8000MedJul 17, 2017
    risk 0.31cvss 4.8epss 0.01

    In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that…

  • CVE-2018-11068MedSep 11, 2018
    risk 0.30cvss 4.6epss 0.00

    RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.

  • CVE-2016-6648MedFeb 3, 2017
    risk 0.29cvss 4.4epss 0.00

    EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration…

  • CVE-2022-43472MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.01

    Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eRoom – Zoom Meetings & Webinar: from n/a through 1.4.6.

  • CVE-2024-3275MedMay 2, 2024
    risk 0.28cvss 4.3epss 0.01

    The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the search_posts function. This makes it possible for authenticated attackers, with subscriber access and higher, to…

  • CVE-2018-1219MedMar 8, 2018
    risk 0.28cvss 4.3epss 0.02

    EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may…

  • CVE-2017-15546MedJan 25, 2018
    risk 0.28cvss 4.3epss 0.01

    The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database.

  • CVE-2017-5001MedJul 7, 2017
    risk 0.28cvss 4.3epss 0.01

    EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to…

  • CVE-2017-5000MedJul 7, 2017
    risk 0.28cvss 4.3epss 0.01

    EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to…

  • CVE-2016-0918MedSep 24, 2016
    risk 0.28cvss 4.3epss 0.01

    EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL.

  • CVE-2016-0895MedMay 3, 2016
    risk 0.28cvss 4.3epss 0.01

    EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity.

  • CVE-2016-0893MedMay 3, 2016
    risk 0.28cvss 4.3epss 0.02

    EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages.

  • CVE-2016-0886MedMar 9, 2016
    risk 0.28cvss 4.3epss 0.02

    EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call.

  • CVE-2015-6852MedDec 28, 2015
    risk 0.28cvss 4.3epss 0.02

    Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.

  • CVE-2018-11078MedSep 11, 2018
    risk 0.26cvss 4.0epss 0.01

    Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic.

  • CVE-2016-8217LowFeb 3, 2017
    risk 0.24cvss 3.7epss 0.01

    EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12…

  • CVE-2018-11065LowAug 24, 2018
    risk 0.18cvss 2.7epss 0.01

    The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end…

  • CVE-2026-22769KEVFeb 17, 2026
    risk 0.14cvss epss 0.13

    Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading…

  • CVE-2011-0647Feb 10, 2011
    risk 0.08cvss epss 0.64

    The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.

  • CVE-2008-2158May 29, 2008
    risk 0.08cvss epss 0.58

    Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.

  • CVE-2014-0644Apr 17, 2014
    risk 0.07cvss epss 0.53

    EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by…

  • CVE-2013-0928Jan 21, 2013
    risk 0.06cvss epss 0.34

    The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.

  • CVE-2012-2288Sep 4, 2012
    risk 0.06cvss epss 0.33

    Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.

  • CVE-2009-2754Mar 5, 2010
    risk 0.06cvss epss 0.40

    Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows…

  • CVE-2008-2157May 29, 2008
    risk 0.06cvss epss 0.36

    robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.

  • CVE-2013-0946May 10, 2013
    risk 0.05cvss epss 0.29

    Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands.

  • CVE-2012-2515Jul 5, 2012
    risk 0.05cvss epss 0.28

    Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms…

  • CVE-2010-0620Feb 25, 2010
    risk 0.05cvss epss 0.19

    Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter.

  • CVE-2007-4058Jul 30, 2007
    risk 0.05cvss epss 0.22

    Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method.

  • CVE-2015-0516Jan 21, 2015
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.

  • CVE-2015-0514Jan 21, 2015
    risk 0.04cvss epss 0.08

    EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.

  • CVE-2013-6810Dec 12, 2013
    risk 0.04cvss epss 0.17

    The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable…

  • CVE-2012-2276May 14, 2012
    risk 0.04cvss epss 0.09

    The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version…

  • CVE-2012-0406Apr 20, 2012
    risk 0.04cvss epss 0.09

    The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field…

Page 4 of 12