CVE-2014-2516
https://notcve.org/view.php?id=CVE-2014-2516
Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2014-12/0074.html
CVE-2014-4633
https://notcve.org/view.php?id=CVE-2014-4633
Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2014-12/0073.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4628
https://notcve.org/view.php?id=CVE-2014-4628
Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2014-12/0075.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4631
https://notcve.org/view.php?id=CVE-2014-4631
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. • http://www.securityfocus.com/archive/1/534136/100/0/threaded http://www.securityfocus.com/bid/71423 http://www.securitytracker.com/id/1031297 https://exchange.xforce.ibmcloud.com/vulnerabilities/99086 • CWE-287: Improper Authentication
CVE-2014-4629
https://notcve.org/view.php?id=CVE-2014-4629
EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference. • http://packetstormsecurity.com/files/129376/EMC-Documentum-Content-Server-Insecure-Direct-Object-Reference.html http://www.securityfocus.com/archive/1/534135/100/0/threaded http://www.securityfocus.com/bid/71422 http://www.securitytracker.com/id/1031298 https://exchange.xforce.ibmcloud.com/vulnerabilities/99085 • CWE-264: Permissions, Privileges, and Access Controls