
CVE-2012-0399
https://notcve.org/view.php?id=CVE-2012-0399
20 Mar 2012 — Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-0400
https://notcve.org/view.php?id=CVE-2012-0400
20 Mar 2012 — EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-287: Improper Authentication

CVE-2012-0401
https://notcve.org/view.php?id=CVE-2012-0401
20 Mar 2012 — Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2012-0402
https://notcve.org/view.php?id=CVE-2012-0402
20 Mar 2012 — EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-255: Credentials Management Errors

CVE-2012-0403
https://notcve.org/view.php?id=CVE-2012-0403
20 Mar 2012 — Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2011-4143
https://notcve.org/view.php?id=CVE-2011-4143
27 Jan 2012 — EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors. • http://www.securityfocus.com/archive/1/521375 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-2736
https://notcve.org/view.php?id=CVE-2011-2736
25 Aug 2011 — RSA enVision 4.x before 4 SP4 P3 places cleartext administrative credentials in Task Escalation e-mail messages, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. • http://securityreason.com/securityalert/8350 • CWE-310: Cryptographic Issues

CVE-2011-2737
https://notcve.org/view.php?id=CVE-2011-2737
25 Aug 2011 — RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to read arbitrary files via unspecified vectors, related to an "arbitrary file retrieval vulnerability." • http://securityreason.com/securityalert/8350 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor