CVE-2014-0646
https://notcve.org/view.php?id=CVE-2014-0646
The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0191.html • CWE-310: Cryptographic Issues
CVE-2014-0644 – EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read
https://notcve.org/view.php?id=CVE-2014-0644
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file. EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that allows an attacker to read arbitrary files from the file system with the permissions of the root user. • https://www.exploit-db.com/exploits/32623 • http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html • http://seclists.org/fulldisclosure/2014/Mar/426 • https://gist.github.com/brandonprry/9895721 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0645
https://notcve.org/view.php?id=CVE-2014-0645
EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html • http://seclists.org/fulldisclosure/2014/Mar/426 • https://gist.github.com/brandonprry/9895721 • CWE-255: Credentials Management Errors
CVE-2014-0642
https://notcve.org/view.php?id=CVE-2014-0642
EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html • http://twitter.com/artika4biz/statuses/455358950116823040 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-0638
https://notcve.org/view.php?id=CVE-2014-0638
Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0007.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')