CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1206
https://notcve.org/view.php?id=CVE-2018-1206
Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account. Dell EMC Data Protection Advisor, en versiones anteriores a la 6.3 Patch 159 y Dell EMC Data Protection Advisor, en versiones anteriores a la 6.4 Patch 110, contienen una cuenta de base de datos embebida con privilegios de administrador. • http://seclists.org/fulldisclosure/2018/Mar/22 http://www.securityfocus.com/bid/103376 http://www.securitytracker.com/id/1040484 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1182
https://notcve.org/view.php?id=CVE-2018-1182
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges. Se ha descubierto un problema en EMC RSA Identity Governance and Lifecycle en sus versiones 7.0.1 y 7.0.2 a todos los niveles de parcheo (solo dispositivos de hardware y paquetes de software); RSA Identity Management Governance (RSA IMG) en sus versiones 6.9.0 y 6.9.1 a todos los niveles de parcheo (solo dispositivos de hardware y paquetes de software). Permite que determinados usuarios a nivel de sistema operativo ejecuten scripts arbitrarios con privilegios root. • http://seclists.org/fulldisclosure/2018/Mar/16 http://www.securityfocus.com/bid/103317 http://www.securitytracker.com/id/1040458 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1220
https://notcve.org/view.php?id=CVE-2018-1220
EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users. EMC RSA Archer, en versiones anteriores a la 6.2.0.8, contiene una vulnerabilidad de redirección en la característica QuickLinks. Un atacante remoto podría explotar esa vulnerabilidad para redirigir usuarios genuinos a páginas web de phishing para obtener información sensible de otros usuarios. • http://seclists.org/fulldisclosure/2018/Mar/12 http://www.securityfocus.com/bid/103319 http://www.securitytracker.com/id/1040457 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1219
https://notcve.org/view.php?id=CVE-2018-1219
EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may use this information in subsequent attacks. EMC RSA Archer, en versiones anteriores a la 6.2.0.8, contiene una vulnerabilidad de control de acceso incorrecto en una API que se utiliza para enumerar la información de usuario. Un usuario malicioso remoto autenticado podría explotar esta vulnerabilidad para reunir información sobre la base de usuarios y podría utilizar esta información en futuros ataques. • http://seclists.org/fulldisclosure/2018/Mar/12 http://www.securityfocus.com/bid/103319 http://www.securitytracker.com/id/1040457 •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-15546
https://notcve.org/view.php?id=CVE-2017-15546
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database. Security Console en EMC RSA Authentication Manager 8.2 SP1 P6 y anteriores está afectado por una vulnerabilidad de inyección SQL ciega. Usuarios autenticados maliciosos podrían explotar esta vulnerabilidad para leer cualquier dato sin cifrar de la base de datos. • http://seclists.org/fulldisclosure/2018/Jan/81 http://www.securityfocus.com/bid/102838 http://www.securitytracker.com/id/1040268 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •