CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-8017
https://notcve.org/view.php?id=CVE-2017-8017
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x y 9.4.2.x se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) reflejado que podría ser explotada por usuarios maliciosos para comprometer el sistema afectado. • http://seclists.org/fulldisclosure/2017/Oct/11 http://www.securityfocus.com/bid/101194 http://www.securitytracker.com/id/1039517 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2768
https://notcve.org/view.php?id=CVE-2017-2768
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contiene Una vulnerabilidad de autenticación incorrecta que podría ser explotada potencialmente por usuarios malintencionados para comprometer el sistema afectado. • http://www.securityfocus.com/archive/1/540085/30/0/threaded http://www.securityfocus.com/bid/95936 http://www.securitytracker.com/id/1037761 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 4%CPEs: 4EXPL: 0CVE-2017-2767
https://notcve.org/view.php?id=CVE-2017-2767
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC Network Configuration Manager (NCM) 9.4.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contiene una vulnerabilidad de Java RMI Remote Code Execution que podría ser explotada potencialmente por usuarios malintencionados para comprometer el sistema afectado. • http://www.securityfocus.com/archive/1/540085/30/0/threaded http://www.securityfocus.com/bid/95938 http://www.securitytracker.com/id/1037761 • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2509
https://notcve.org/view.php?id=CVE-2014-2509
Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie. Vulnerabilidad de fijación de sesión en el componente Report Advisor (RA) en EMC Network Configuration Manager (NCM) anterior a 9.3 permite a atacantes remotos secuestrar sesiones de web a través de una cookie de sesión. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0168.html http://packetstormsecurity.com/files/127301/EMC-Network-Configuration-Manager-NCM-Session-Fixation.html http://secunia.com/advisories/59423 http://www.securityfocus.com/archive/1/533077/100/0/threaded http://www.securitytracker.com/id/1030494 •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-2717
https://notcve.org/view.php?id=CVE-2013-2717
Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9.2 have unknown impact and attack vectors, a different issue than CVE-2013-0935. NOTE: this might overlap CVEs for open-source server components or other third-party components. Múltiples vulnerabilidades sin especificar en el System Management (también conocido como SysAdmin) Console en EMC Smarts Network Configuration Manager (NCM) hasta v9.2 tienen un impacto desconocido y vectores de ataque, una cuestión diferente a CVE-2013-0935. NOTA: esto puede superponerse CVEs para los componentes del servidor de código abierto o de otros componentes de terceros. • http://archives.neohapsis.com/archives/bugtraq/2013-03/0135.html •