| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2020-5346 | 79 | | Exec Code XSS | 2020-04-15 | 2020-08-31 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser. |
| 2 | CVE-2020-5340 | 79 | | Exec Code XSS | 2020-03-26 | 2020-08-31 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser. |
| 3 | CVE-2020-5339 | 79 | | Exec Code XSS | 2020-03-26 | 2020-08-31 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser. |
| 4 | CVE-2019-18574 | 79 | | Exec Code XSS | 2019-12-03 | 2019-12-10 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser. |
| 5 | CVE-2019-3768 | 611 | | | 2020-01-03 | 2020-01-14 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying specially crafted XML message. |
| 6 | CVE-2019-3733 | 459 | | | 2019-09-30 | 2022-04-12 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. |
| 7 | CVE-2019-3711 | | | | 2019-03-13 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks. |
| 8 | CVE-2018-15771 | 200 | | +Info | 2018-11-13 | 2019-02-01 | 4.9 | None | Local | Low | Not required | Complete | None | None |
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI. |
| 9 | CVE-2018-11080 | 732 | | | 2018-10-18 | 2019-10-09 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges. |
| 10 | CVE-2018-11079 | 522 | | | 2018-10-18 | 2019-10-09 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database. |
| 11 | CVE-2018-11075 | 79 | | Exec Code XSS CSRF | 2018-09-28 | 2020-03-27 | 2.6 | None | Remote | High | Not required | None | Partial | None |
RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application. |
| 12 | CVE-2018-11074 | 79 | | Exec Code XSS | 2018-09-28 | 2020-03-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application. |
| 13 | CVE-2018-11073 | 79 | | Exec Code XSS | 2018-09-28 | 2020-03-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser. |
| 14 | CVE-2018-1255 | 79 | | Exec Code XSS | 2018-07-13 | 2019-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. |
| 15 | CVE-2018-1254 | 79 | | Exec Code XSS | 2018-06-21 | 2020-03-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. |
| 16 | CVE-2018-1253 | 79 | | Exec Code XSS | 2018-06-21 | 2020-01-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser. |
| 17 | CVE-2018-1242 | 78 | | | 2018-05-29 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read. |
| 18 | CVE-2018-1241 | 532 | | | 2018-05-29 | 2019-10-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks. |
| 19 | CVE-2018-1240 | 200 | | DoS +Info | 2018-04-18 | 2019-10-03 | 2.7 | None | Local Network | Low | ??? | Partial | None | None |
Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system. |
| 20 | CVE-2018-1219 | | | | 2018-03-08 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may use this information in subsequent attacks. |
| 21 | CVE-2017-15546 | 89 | | Sql | 2018-01-25 | 2018-02-15 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database. |
| 22 | CVE-2017-14379 | 79 | | XSS | 2017-11-28 | 2017-12-20 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| 23 | CVE-2017-14373 | 79 | | XSS | 2017-10-31 | 2017-11-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| 24 | CVE-2017-8024 | 79 | | XSS | 2017-10-18 | 2017-11-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system. |
| 25 | CVE-2017-8017 | 79 | | XSS | 2017-10-11 | 2017-11-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| 26 | CVE-2017-8016 | 79 | | XSS | 2017-10-11 | 2017-11-03 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. |
| 27 | CVE-2017-8006 | 287 | | | 2017-07-17 | 2017-08-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN to affect victim's ability to obtain access to protected resources. |
| 28 | CVE-2017-8005 | 79 | | XSS | 2017-07-17 | 2021-08-06 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application. |
| 29 | CVE-2017-8000 | 79 | | XSS | 2017-07-17 | 2017-08-10 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session. |
| 30 | CVE-2017-5004 | 79 | | XSS | 2017-06-09 | 2022-04-29 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. |
| 31 | CVE-2017-5003 | 79 | | XSS | 2017-06-09 | 2022-04-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. |
| 32 | CVE-2017-5001 | 200 | | +Info | 2017-07-07 | 2017-07-17 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack. |
| 33 | CVE-2017-5000 | 200 | | +Info | 2017-07-07 | 2017-07-11 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack. |
| 34 | CVE-2017-4999 | 200 | | Bypass +Info | 2017-07-07 | 2017-07-11 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages. |
| 35 | CVE-2017-4979 | | | | 2017-05-19 | 2019-10-03 | 4.6 | None | Remote | High | ??? | Partial | Partial | Partial |
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports. |
| 36 | CVE-2017-4977 | 200 | | +Info | 2017-03-29 | 2017-07-12 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system. |
| 37 | CVE-2016-9872 | 79 | | XSS | 2017-02-03 | 2017-07-25 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. |
| 38 | CVE-2016-9869 | 275 | | | 2017-01-06 | 2017-01-11 | 2.1 | None | Local | Low | Not required | None | None | Partial |
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable. |
| 39 | CVE-2016-9868 | 254 | | | 2017-01-06 | 2017-01-11 | 2.1 | None | Local | Low | Not required | None | None | Partial |
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot. |
| 40 | CVE-2016-9867 | 264 | | Exec Code | 2017-01-06 | 2017-01-11 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers. |
| 41 | CVE-2016-8215 | 79 | | XSS | 2017-01-25 | 2017-02-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| 42 | CVE-2016-8214 | 275 | | | 2017-01-25 | 2017-02-11 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. |
| 43 | CVE-2016-8213 | 79 | | XSS | 2017-01-23 | 2017-02-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| 44 | CVE-2016-6650 | 200 | | +Info | 2017-03-21 | 2017-07-12 | 2.6 | None | Remote | High | Not required | Partial | None | None |
EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system. |
| 45 | CVE-2016-6648 | 275 | | | 2017-02-03 | 2017-03-08 | 2.1 | None | Local | Low | Not required | Partial | None | None |
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system. |
| 46 | CVE-2016-6647 | 79 | | XSS | 2016-09-30 | 2017-07-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 47 | CVE-2016-6643 | 79 | | XSS | 2016-09-18 | 2016-11-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 48 | CVE-2016-6641 | 79 | | XSS | 2016-09-18 | 2016-11-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 49 | CVE-2016-0925 | 79 | | XSS | 2016-09-21 | 2017-07-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 50 | CVE-2016-0918 | 200 | | +Info | 2016-09-24 | 2017-07-30 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. |