
CVSS: 9.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value. • http://seclists.org/bugtraq/2015/Jun/132 http://www.securitytracker.com/id/1032740 •

CVSS: 5.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://seclists.org/bugtraq/2015/Jun/132 http://www.securitytracker.com/id/1032740 • CWE-20: Improper Input Validation •

CVSS: 10.0 • EPSS: 1% • CPEs: 4 • EXPL: 0

EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. • http://seclists.org/bugtraq/2015/Jun/129 http://www.securitytracker.com/id/1032732 •

CVSS: 8.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors. • http://seclists.org/bugtraq/2015/Jun/114 http://www.securitytracker.com/id/1032694 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 3.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • http://seclists.org/bugtraq/2015/Jun/113 http://www.securitytracker.com/id/1032693 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •