
CVSS: 8.8 | EPSS: 1% | CPEs: 1 | EXPL: 3

Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators. EMC ViPR SRM versions prior to 3.7 suffer from a cross-site request forgery vulnerability.
• References:
  https://www.exploit-db.com/exploits/39738
  http://packetstormsecurity.com/files/136837/EMC-ViPR-SRM-Cross-Site-Request-Forgery.html
  http://seclists.org/bugtraq/2016/Apr/106
  http://seclists.org/fulldisclosure/2016/Apr/89
  http://www.securityfocus.com/archive/1/538207/100/0/threaded
  https://www.securify.nl/advisory/SFY20141109/emc_m_r__watch4net__lacks_c%20ross_site_request_forgery_protection.html
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file.
• References:
  http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html
  http://www.securityfocus.com/bid/72256
  http://www.securitytracker.com/id/1031567

CVSS: 5.0 | EPSS: 8% | CPEs: 2 | EXPL: 3

EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack. It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.
• References:
  https://www.exploit-db.com/exploits/36436
  http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html
  http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html
  http://seclists.org/fulldisclosure/2015/Mar/112
  http://www.securityfocus.com/archive/1/534923/100/0/threaded
  http://www.securityfocus.com/bid/72257
  http://www.securitytracker.com/id/1031567
  https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_ar
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.0 | EPSS: 2% | CPEs: 2 | EXPL: 2

Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
• References:
  https://www.exploit-db.com/exploits/36440
  http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html
  http://seclists.org/fulldisclosure/2015/Mar/116
  http://www.securityfocus.com/archive/1/534929/100/0/threaded
  http://www.securityfocus.com/bid/72255
  http://www.securitytracker.com/id/1031567
  https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 3.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields. A cross-site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup; the attacker's payload will be stored in the user's profile and will be executed every time the victim logs in.
• References:
  http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html
  http://www.securityfocus.com/bid/72259
  http://www.securitytracker.com/id/1031567
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')