CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14376 – EMC AppSync Server Hardcoded Password
https://notcve.org/view.php?id=CVE-2017-14376
31 Oct 2017 — EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. EMC AppSync Server, en versiones anteriores a la 3.5.0.1, contiene cuentas de bases de datos con contraseñas embebidas, lo que podría ser explotado por usuarios maliciosos con el fin de comprometer el sistema afectado. EMC AppSync contains database accounts with hardcoded passwords that could potentially be exploited by malicious us... • http://seclists.org/fulldisclosure/2017/Oct/68 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8018 – EMC AppSync Host Plug-In 3.5 Denial of Service
https://notcve.org/view.php?id=CVE-2017-8018
28 Sep 2017 — EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system. El plugin host EMC AppSync en versiones 3.5 y anteriores (sólo en la plataforma Windows) incluye una vulnerabilidad de denegación de servicio (DoS) que podría se explotada por usuarios maliciosos para comprometer el sistema afectado. EMC AppSync host plug-in on Windows platform includes a denial of s... • http://seclists.org/fulldisclosure/2017/Sep/75 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-8015 – EMC AppSync Apollo REST Services SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-8015
08 Sep 2017 — EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC AppSync (en todas las versiones anteriores a la 3.5) contiene una vulnerabilidad de inyección SQL que podría ser explotada por usuarios maliciosos con el fin de comprometer el sistema afectado. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Appsync. Although authentication ... • http://seclists.org/fulldisclosure/2017/Sep/14 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4634 – EMC Replication Manager / AppSync Path Enumeration
https://notcve.org/view.php?id=CVE-2014-4634
30 Dec 2014 — Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. Vulnerabilidad de búsqueda de ruta en Windows sin entrecomillar en EMC Replication Manager a través de 5.5.2 y AppSync anterior a 2.1.0 permite a usuarios locales obtener privilegios a través de un troyano con el nombre compuesto por una subcaden... • http://archives.neohapsis.com/archives/bugtraq/2014-12/0170.html •