CVE-2015-0523
https://notcve.org/view.php?id=CVE-2015-0523
EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header.
• http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html http://seclists.org/bugtraq/2015/Mar/47 http://www.securitytracker.com/id/1031912
• CWE-20: Improper Input Validation
CVE-2015-0522
https://notcve.org/view.php?id=CVE-2015-0522
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter.
• http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html http://seclists.org/bugtraq/2015/Mar/47 http://www.securitytracker.com/id/1031912
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-0521
https://notcve.org/view.php?id=CVE-2015-0521
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter.
• http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html http://seclists.org/bugtraq/2015/Mar/47 http://www.securitytracker.com/id/1031912
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-0524 – EMC Secure Remote Services Virtual Edition SQL Injection
https://notcve.org/view.php?id=CVE-2015-0524
SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.
• http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html http://seclists.org/bugtraq/2015/Mar/40 http://seclists.org/fulldisclosure/2015/Mar/119 http://www.securityfocus.com/archive/1/534930/100/0/threaded https://www.securify.nl/advisory/SFY20141113/emc_secure_remote_services_virtual_edition_provisioning_component_is_affected_by_sql_injection.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-0525 – EMC Secure Remote Services Virtual Edition Command Injection
https://notcve.org/view.php?id=CVE-2015-0525
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.
• http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html http://seclists.org/bugtraq/2015/Mar/40 http://seclists.org/fulldisclosure/2015/Mar/118 http://www.securityfocus.com/archive/1/534928/100/0/threaded https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')