Filtered by vendor Emc
Subscriptions
Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0882 | 1 Emc | 1 Documentum Xcp | 2025-04-12 | N/A |
| EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-4637 | 1 Emc | 1 Documentum Wdk | 2025-04-12 | N/A |
| Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. | ||||
| CVE-2016-0901 | 1 Emc | 1 Rsa Authentication Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900. | ||||
| CVE-2015-4531 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622. | ||||
| CVE-2014-4619 | 1 Emc | 1 Rsa Identity Management And Governance | 2025-04-12 | N/A |
| EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username. | ||||
| CVE-2015-0551 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-0547 | 1 Emc | 1 Documentum D2 | 2025-04-12 | N/A |
| The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. | ||||
| CVE-2015-0540 | 1 Emc | 1 Document Sciences Xpression | 2025-04-12 | N/A |
| SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-0532 | 1 Emc | 1 Rsa Identity Management And Governance | 2025-04-12 | N/A |
| EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account. | ||||
| CVE-2015-0545 | 1 Emc | 1 Unisphere | 2025-04-12 | N/A |
| EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-0549 | 1 Emc | 1 Documentum D2 | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-4533 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. | ||||
| CVE-2015-6849 | 1 Emc | 1 Networker | 2025-04-12 | N/A |
| EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages. | ||||
| CVE-2015-0542 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-0519 | 1 Emc | 1 Captiva Capture | 2025-04-12 | N/A |
| The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file. | ||||
| CVE-2015-0543 | 1 Emc | 1 Secure Remote Services | 2025-04-12 | N/A |
| EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-0526 | 1 Emc | 1 Rsa Validation Manager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter. | ||||
| CVE-2015-0538 | 1 Emc | 1 Autostart | 2025-04-12 | N/A |
| ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. | ||||
| CVE-2016-6645 | 2 Dell, Emc | 3 Emc Unisphere, Solutions Enabler, Unisphere | 2025-04-12 | N/A |
| The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. | ||||
| CVE-2015-0527 | 1 Emc | 1 Documentum Xcelerated Management System | 2025-04-12 | N/A |
| EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file. | ||||