| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. |
| EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation. |
| EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL. |
| The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. |
| EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. |
| Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. |
| EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors. |
| Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server. |
| Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter. |
| EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
| EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. |
| SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. |
| EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. |
| Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. |
| The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. |
| EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators. |
| EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. |
| The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file. |
