Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Emc Subscribe
Total 412 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-5339 1 Emc 1 Rsa Authentication Manager 2022-09-30 3.5 LOW 4.8 MEDIUM
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.
CVE-2020-5346 1 Emc 1 Rsa Authentication Manager 2022-09-30 3.5 LOW 4.8 MEDIUM
RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
CVE-2020-5340 1 Emc 1 Rsa Authentication Manager 2022-09-30 3.5 LOW 4.8 MEDIUM
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.
CVE-2017-5003 2 Emc, Rsa 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance 2022-04-29 4.3 MEDIUM 6.1 MEDIUM
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
CVE-2017-5004 2 Emc, Rsa 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance 2022-04-29 3.5 LOW 5.4 MEDIUM
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
CVE-2019-3733 2 Dell, Emc 2 Bsafe Crypto-c-micro-edition, Rsa Bsafe Crypto-c 2022-04-12 4.0 MEDIUM 4.9 MEDIUM
RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
CVE-2019-3732 2 Dell, Emc 3 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Rsa Bsafe Crypto-c 2022-04-12 5.0 MEDIUM 7.5 HIGH
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
CVE-2014-0627 2 Dell, Emc 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j 2021-12-09 5.0 MEDIUM N/A
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
CVE-2014-0626 2 Dell, Emc 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j 2021-12-09 5.0 MEDIUM N/A
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.
CVE-2014-0625 2 Dell, Emc 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j 2021-12-09 5.0 MEDIUM N/A
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.
CVE-2021-25252 7 Apple, Emc, Linux and 4 more 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more 2021-09-08 4.9 MEDIUM 5.5 MEDIUM
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
CVE-2018-11049 2 Emc, Rsa 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance 2021-08-06 6.9 MEDIUM 7.3 HIGH
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.
CVE-2017-8004 2 Emc, Rsa 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance 2021-08-06 6.5 MEDIUM 7.2 HIGH
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under.
CVE-2017-8005 2 Emc, Rsa 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance 2021-08-06 3.5 LOW 5.4 MEDIUM
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.
CVE-2018-1182 2 Emc, Rsa 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance 2021-08-06 7.2 HIGH 7.8 HIGH
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges.
CVE-2016-6645 2 Dell, Emc 3 Emc Unisphere, Solutions Enabler, Unisphere 2021-08-05 9.0 HIGH 8.8 HIGH
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class.
CVE-2016-6646 2 Dell, Emc 3 Emc Unisphere, Solutions Enabler, Unisphere 2021-08-05 10.0 HIGH 9.8 CRITICAL
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class.
CVE-2017-14375 2 Dell, Emc 4 Emc Unisphere, Solutions Enabler, Vasa and 1 more 2021-08-05 10.0 HIGH 9.8 CRITICAL
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system.
CVE-2016-0915 1 Emc 1 Authentication Manager Prime 2020-08-27 5.5 MEDIUM 8.1 HIGH
The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability."
CVE-2019-3711 2 Emc, Rsa 2 Rsa Authentication Manager, Authentication Manager 2020-08-24 4.0 MEDIUM 7.2 HIGH
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks.