Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Emc Subscribe
Total 412 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11071 1 Emc 2 Isilon Onefs, Isilonsd Edge 2019-10-09 5.0 MEDIUM 7.5 HIGH
Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.
CVE-2018-11079 1 Emc 1 Secure Remote Services 2019-10-09 2.1 LOW 7.8 HIGH
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database.
CVE-2018-11051 1 Emc 1 Rsa Certificate Manager 2019-10-09 5.0 MEDIUM 7.5 HIGH
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
CVE-2018-11061 1 Emc 2 Rsa Netwitness, Rsa Security Analytics 2019-10-09 9.0 HIGH 9.1 CRITICAL
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.
CVE-2017-10955 1 Emc 1 Data Protection Advisor 2019-10-09 9.0 HIGH 8.8 HIGH
** DISPUTED ** This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. Was ZDI-CAN-4697. NOTE: Dell EMC disputes that this is a vulnerability.
CVE-2017-4985 1 Emc 4 Vnx1, Vnx1 Firmware, Vnx2 and 1 more 2019-10-02 7.2 HIGH 7.8 HIGH
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system.
CVE-2017-4988 1 Emc 1 Isilon Onefs 2019-10-02 9.0 HIGH 7.2 HIGH
EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
CVE-2017-4976 1 Emc 1 Esrs Policy Manager 2019-10-02 7.5 HIGH 9.8 CRITICAL
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server.
CVE-2017-14387 1 Emc 1 Isilon Onefs 2019-10-02 6.4 MEDIUM 6.5 MEDIUM
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability."
CVE-2017-4979 1 Emc 1 Isilon Onefs 2019-10-02 4.6 MEDIUM 7.1 HIGH
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports.
CVE-2017-14380 1 Emc 1 Isilon Onefs 2019-10-02 7.2 HIGH 6.7 MEDIUM
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.
CVE-2017-14378 1 Emc 2 Rsa Authentication Agent Api For C, Rsa Authentication Agent Sdk For C 2019-10-02 7.5 HIGH 10.0 CRITICAL
EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability."
CVE-2017-4982 1 Emc 1 Mainframe Enablers Resourcepak Base 2019-10-02 10.0 HIGH 9.8 CRITICAL
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-2765 1 Emc 1 Isilon Insightiq 2019-10-02 7.5 HIGH 9.8 CRITICAL
EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system.
CVE-2018-1235 1 Emc 2 Recoverpoint, Recoverpoint For Virtual Machines 2019-10-02 10.0 HIGH 9.8 CRITICAL
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.
CVE-2018-1240 1 Emc 1 Vipr Controller 2019-10-02 2.7 LOW 8.0 HIGH
Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.
CVE-2011-1744 1 Emc 1 Captiva Einput 2019-03-13 5.8 MEDIUM N/A
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site.
CVE-2011-1742 1 Emc 1 Data Protection Advisor 2019-03-13 2.1 LOW N/A
EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file.
CVE-2011-1743 1 Emc 1 Captiva Einput 2019-03-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2287 2 Emc, Microsoft 4 Rsa Authentication Agent, Rsa Authentication Client, Windows Server 2003 and 1 more 2019-02-26 8.5 HIGH N/A
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.