CVE-2015-0543
https://notcve.org/view.php?id=CVE-2015-0543
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
• http://seclists.org/bugtraq/2015/Jun/132
• http://www.securitytracker.com/id/1032740
• CWE-20: Improper Input Validation
CVE-2015-0524 – EMC Secure Remote Services Virtual Edition SQL Injection
https://notcve.org/view.php?id=CVE-2015-0524
SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.
• http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
• http://seclists.org/bugtraq/2015/Mar/40
• http://seclists.org/fulldisclosure/2015/Mar/119
• http://www.securityfocus.com/archive/1/534930/100/0/threaded
• https://www.securify.nl/advisory/SFY20141113/emc_secure_remote_services_virtual_edition_provisioning_component_is_affected_by_sql_injection.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-0525 – EMC Secure Remote Services Virtual Edition Command Injection
https://notcve.org/view.php?id=CVE-2015-0525
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.
• http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
• http://seclists.org/bugtraq/2015/Mar/40
• http://seclists.org/fulldisclosure/2015/Mar/118
• http://www.securityfocus.com/archive/1/534928/100/0/threaded
• https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')