Emc

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-0514 1Emc 2Vipr Srm Watch4net May 6, 2026 Jan 21, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.
CVE-2015-0513 1Emc 2Vipr Srm Watch4net May 6, 2026 Jan 21, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script o...Show more Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.Show less
CVE-2014-4639 1Emc 1Documentum Wdk May 6, 2026 Jan 7, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks v...Show more EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.Show less
CVE-2014-4638 1Emc 1Documentum Wdk May 6, 2026 Jan 7, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors.
CVE-2014-4637 1Emc 1Documentum Wdk May 6, 2026 Jan 7, 2015 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.
CVE-2014-4636 1Emc 1Documentum Wdk May 6, 2026 Jan 7, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.
CVE-2014-4635 1Emc 1Documentum Wdk May 6, 2026 Jan 7, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4634 1Emc 2Appsync Replication Manager May 6, 2026 Dec 30, 2014 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substri...Show more Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.Show less
CVE-2014-4626 1Emc 1Documentum Content Server May 6, 2026 Dec 17, 2014 N/A· v4 N/A· v3 9.0 HIGH· v2 EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this o...Show more EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.Show less
CVE-2014-4633 1Emc 1Rsa Archer Egrc May 6, 2026 Dec 12, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4628 1Emc 1Isilon Insightiq May 6, 2026 Dec 12, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-2516 1Emc 1Rsa Authentication Manager May 6, 2026 Dec 12, 2014 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2014-4631 1Emc 1Rsa Adaptive Authentication On Premise May 6, 2026 Dec 8, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functi...Show more RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.Show less
CVE-2014-4629 1Emc 1Documentum Content Server May 6, 2026 Dec 6, 2014 N/A· v4 N/A· v3 9.0 HIGH· v2 EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference.
CVE-2014-4623 1Emc 1Avamar May 6, 2026 Oct 25, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier f...Show more EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.Show less
CVE-2014-4620 2Emc Meditech 2Meditech Networker May 6, 2026 Oct 25, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local use...Show more The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.Show less
CVE-2014-4622 1Emc 1Documentum Content Server May 6, 2026 Sep 17, 2014 N/A· v4 N/A· v3 7.1 HIGH· v2 EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-us...Show more EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors.Show less
CVE-2014-4621 1Emc 1Documentum Content Server May 6, 2026 Sep 17, 2014 N/A· v4 N/A· v3 8.5 HIGH· v2 EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-...Show more EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.Show less
CVE-2014-4619 1Emc 1Rsa Identity Management And Governance May 6, 2026 Aug 28, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentica...Show more EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username.Show less
CVE-2014-4618 1Emc 1Documentum Content Server May 6, 2026 Aug 20, 2014 N/A· v4 N/A· v3 8.5 HIGH· v2 EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object.

Previous 1...101112...21 Next