CVSS: 6.1 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 Mar 2012 — Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 1% • CPEs: 5 • EXPL: 0

20 Mar 2012 — EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-287: Improper Authentication

CVSS: 8.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 Mar 2012 — Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 Mar 2012 — EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-255: Credentials Management Errors

CVSS: 8.1 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 Mar 2012 — Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

27 Jan 2012 — EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors. • http://www.securityfocus.com/archive/1/521375 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor