CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4609
https://notcve.org/view.php?id=CVE-2012-4609
The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors. La interfaz web en EMC RSA NetWitness Informer anterior a v2.0.5.6 permite a atacantes remotos llevar a cabo ataques de clickjacking mediante vectores desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2012-12/0002.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2012-4614
https://notcve.org/view.php?id=CVE-2012-4614
The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session. La configuración por defecto de EMC Smarts Network Configuration Manager (NCM) antes de v9.1 no requiere de autenticación para el acceso a la base de datos, lo que permite a atacantes remotos tener un impacto no especificado a través de una sesión de red. • http://archives.neohapsis.com/archives/bugtraq/2012-11/0095.html http://osvdb.org/87877 http://secunia.com/advisories/51408 http://www.securityfocus.com/bid/56682 http://www.securitytracker.com/id?1027812 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2012-4611
https://notcve.org/view.php?id=CVE-2012-4611
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en EMC RSA Adaptive Authentication On-Premise (AAOP) antes de v7.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2012-11/0096.html http://osvdb.org/87876 http://packetstormsecurity.com/files/118381/RSA-Adaptive-Authentication-On-Premise-6.x-XSS.html http://secunia.com/advisories/51394 http://www.securityfocus.com/bid/56699 http://www.securitytracker.com/id?1027811 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4615
https://notcve.org/view.php?id=CVE-2012-4615
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors. EMC Smarts Network Configuration Manager (NCM) antes de v9.1 tiene codificada la clave de cifrado para el almacenamiento de credenciales, lo que permite a usuarios remotos obtener información sensible a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2012-11/0095.html http://osvdb.org/87878 http://packetstormsecurity.org/files/118358/EMC-Smarts-Network-Configuration-Manager-Bypass.html http://secunia.com/advisories/51408 http://www.securityfocus.com/bid/56682 http://www.securitytracker.com/id?1027812 • CWE-310: Cryptographic Issues •
CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4613
https://notcve.org/view.php?id=CVE-2012-4613
EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack. EMC RSA Data Protection Manager Appliance v3.x y v2.7.x antes de v3.2.1 no restringe correctamente el número de intentos de autenticación de una cuenta de usuario, lo que hace que sea más fácil para los usuarios locales eludir restricciones de acceso por medio de un ataque de fuerza bruta. • http://archives.neohapsis.com/archives/bugtraq/2012-11/0050.html http://www.securityfocus.com/bid/56508 • CWE-287: Improper Authentication •