CVE-2014-4623
https://notcve.org/view.php?id=CVE-2014-4623
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
• http://archives.neohapsis.com/archives/bugtraq/2014-10/0146.html
• http://packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html
• http://www.securityfocus.com/bid/70732
• http://www.securitytracker.com/id/1031117
• https://exchange.xforce.ibmcloud.com/vulnerabilities/97757
• CWE-310: Cryptographic Issues
CVE-2014-4620
https://notcve.org/view.php?id=CVE-2014-4620
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.
• http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html
• http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html
• http://secunia.com/advisories/61952
• http://www.securityfocus.com/bid/70726
• http://www.securitytracker.com/id/1031116
• https://exchange.xforce.ibmcloud.com/vulnerabilities/97756
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-4621
https://notcve.org/view.php?id=CVE-2014-4621
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.
• http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html
• http://secunia.com/advisories/61251
• http://www.securityfocus.com/bid/69817
• http://www.securitytracker.com/id/1030855
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95989
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-4622 – EMC Documentum Content Server Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4622
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. EMC Documentum Content Server suffers from a privilege escalation vulnerability.
• http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html
• http://secunia.com/advisories/61251
• http://www.securityfocus.com/bid/69819
• http://www.securitytracker.com/id/1030855
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95990
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-4619
https://notcve.org/view.php?id=CVE-2014-4619
EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username.
• http://archives.neohapsis.com/archives/bugtraq/2014-08/0133.html
• http://packetstormsecurity.com/files/128005/RSA-Identity-Management-And-Governance-Authentication-Bypass.html
• http://secunia.com/advisories/60281
• http://www.securityfocus.com/bid/69411
• http://www.securitytracker.com/id/1030759
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95483
• CWE-287: Improper Authentication