CVE-2013-0935

Published: Mar 28, 2013Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors.

Affected (1)

Products: Emc: Smarts Network Configuration Manager

Emc

1 product

Smarts Network Configuration Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Emc Smarts Network Configuration Manager	Up to 9.1

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

http://archives.neohapsis.com/archives/bugtraq/2013-03/0135.html

Source: security_alert@emc.com

http://archives.neohapsis.com/archives/bugtraq/2013-03/0135.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.