CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2017-4984
https://notcve.org/view.php?id=CVE-2017-4984
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution. En EMC VNX2 en versiones anteriores a OE for File 8.1.9.211 y VNX1 en versiones anteriores a OE for File 7.1.80.8, un atacante remoto no autenticado podría ser capaz de elevar sus privilegios a root mediante una inyección de comandos. Esto podría ser explotado por un atacante para ejecutar código arbitrario con privilegios de nivel root en el sistema VNX Control Station objetivo. Esto también se conoce como ejecución remota de código. • http://www.securityfocus.com/archive/1/540738/30/0/threaded http://www.securityfocus.com/bid/99039 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-4986
https://notcve.org/view.php?id=CVE-2017-4986
EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. ESRS VE versión 3.18 o anterior de EMC, contiene una Omisión de identificación que potencialmente podría ser aprovechada por usuarios maliciosos para poner en peligro el sistema afectado. • http://www.securityfocus.com/archive/1/540721/30/0/threaded http://www.securityfocus.com/bid/99036 http://www.securitytracker.com/id/1038696 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5003
https://notcve.org/view.php?id=CVE-2017-5003
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2 (todos los niveles de parches); RSA Via Lifecycle and Governance versión 7.0 (todos los niveles de parches); y RSA Identity Management and Governance (IMG) versión 6.9.1 (todos los niveles de parches) de EMC, presentan vulnerabilidades de tipo Cross Site Scripting Reflejado que podrían ser explotadas potencialmente por usuarios maliciosos para comprometer un sistema afectado. • http://www.securityfocus.com/archive/1/540693/30/0/threaded http://www.securityfocus.com/bid/98974 http://www.securitytracker.com/id/1038648 https://web.archive.org/web/20210116013250/http://www.securityfocus.com/archive/1/540693/30/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5004
https://notcve.org/view.php?id=CVE-2017-5004
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2 (todos los niveles de parches); RSA Via Lifecycle and Governance versión 7.0 (todos los niveles de parches); y RSA Identity Management and Governance (IMG) versión 6.9.1 (todos los niveles de parches) de EMC, presentan vulnerabilidades de tipo Cross Site Scripting Almacenado que podrían ser explotadas por usuarios maliciosos para comprometer un sistema afectado. • http://www.securityfocus.com/archive/1/540693/30/0/threaded http://www.securityfocus.com/bid/98968 http://www.securitytracker.com/id/1038648 https://web.archive.org/web/20210116013250/http://www.securityfocus.com/archive/1/540693/30/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2017-4979
https://notcve.org/view.php?id=CVE-2017-4979
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports. Isilon OneFS versión 8.0.1.0, OneFS versiones 8.0.0.0 - 8.0.0.2, OneFS versiones 7.2.1.0 - 7.2.1.3 y OneFS versiones 7.2.0.x de EMC, están afectadas por una vulnerabilidad de exportación de NFS. Bajo ciertas condiciones, después de actualizar un clúster desde OneFS versión 7.1.1.x o anteriores, los usuarios pueden tener niveles inesperados de acceso a algunas exportaciones de NFS. • http://www.securityfocus.com/archive/1/540551/30/0/threaded •