Search criteria
16 vulnerabilities found for secure_remote_services by emc
CVE-2018-11080 (GCVE-0-2018-11080)
Vulnerability from nvd – Published: 2018-10-18 22:00 – Updated: 2024-09-17 02:52
VLAI?
Summary
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges.
Severity ?
7.3 (High)
CWE
- Improper File Permissions Vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DELL EMC | ESRS Virtual Edition |
Affected:
unspecified , < 3.32.00.08
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name": "105694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105694"
},
{
"name": "1041877",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESRS Virtual Edition",
"vendor": "DELL EMC",
"versions": [
{
"lessThan": "3.32.00.08",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper File Permissions Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name": "105694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105694"
},
{
"name": "1041877",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041877"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
"ID": "CVE-2018-11080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESRS Virtual Edition",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.32.00.08"
}
]
}
}
]
},
"vendor_name": "DELL EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper File Permissions Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name": "105694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105694"
},
{
"name": "1041877",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041877"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11080",
"datePublished": "2018-10-18T22:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-17T02:52:05.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11079 (GCVE-0-2018-11079)
Vulnerability from nvd – Published: 2018-10-18 22:00 – Updated: 2024-09-17 01:26
VLAI?
Summary
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database.
Severity ?
5.5 (Medium)
CWE
- Plaintext Password Storage Vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DELL EMC | ESRS Virtual Edition |
Affected:
unspecified , < 3.32.00.08
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name": "105694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105694"
},
{
"name": "1041877",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESRS Virtual Edition",
"vendor": "DELL EMC",
"versions": [
{
"lessThan": "3.32.00.08",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Plaintext Password Storage Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name": "105694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105694"
},
{
"name": "1041877",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041877"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
"ID": "CVE-2018-11079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESRS Virtual Edition",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.32.00.08"
}
]
}
}
]
},
"vendor_name": "DELL EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Plaintext Password Storage Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name": "105694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105694"
},
{
"name": "1041877",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041877"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11079",
"datePublished": "2018-10-18T22:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-17T01:26:15.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4986 (GCVE-0-2017-4986)
Vulnerability from nvd – Published: 2017-06-14 21:00 – Updated: 2024-08-05 14:47
VLAI?
Summary
EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass Vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier |
Affected:
EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038696"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540721/30/0/threaded"
},
{
"name": "99036",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier"
}
]
}
],
"datePublic": "2017-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1038696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038696"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/540721/30/0/threaded"
},
{
"name": "99036",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier",
"version": {
"version_data": [
{
"version_value": "EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038696",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038696"
},
{
"name": "http://www.securityfocus.com/archive/1/540721/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540721/30/0/threaded"
},
{
"name": "99036",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-4986",
"datePublished": "2017-06-14T21:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6852 (GCVE-0-2015-6852)
Vulnerability from nvd – Published: 2015-12-28 15:00 – Updated: 2024-08-06 07:36
VLAI?
Summary
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:33.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135044/EMC-Secure-Remote-Services-Virtual-Edition-Path-Traversal.html"
},
{
"name": "20151222 ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Dec/130"
},
{
"name": "79661",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79661"
},
{
"name": "1034530",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135044/EMC-Secure-Remote-Services-Virtual-Edition-Path-Traversal.html"
},
{
"name": "20151222 ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Dec/130"
},
{
"name": "79661",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79661"
},
{
"name": "1034530",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-6852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/135044/EMC-Secure-Remote-Services-Virtual-Edition-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135044/EMC-Secure-Remote-Services-Virtual-Edition-Path-Traversal.html"
},
{
"name": "20151222 ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Dec/130"
},
{
"name": "79661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79661"
},
{
"name": "1034530",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-6852",
"datePublished": "2015-12-28T15:00:00",
"dateReserved": "2015-09-10T00:00:00",
"dateUpdated": "2024-08-06T07:36:33.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0544 (GCVE-0-2015-0544)
Vulnerability from nvd – Published: 2015-07-05 10:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032740",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032740"
},
{
"name": "20150626 ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jun/132"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032740",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032740"
},
{
"name": "20150626 ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jun/132"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032740",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032740"
},
{
"name": "20150626 ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jun/132"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0544",
"datePublished": "2015-07-05T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0543 (GCVE-0-2015-0543)
Vulnerability from nvd – Published: 2015-07-05 10:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032740",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032740"
},
{
"name": "20150626 ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jun/132"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032740",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032740"
},
{
"name": "20150626 ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jun/132"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032740",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032740"
},
{
"name": "20150626 ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jun/132"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0543",
"datePublished": "2015-07-05T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0525 (GCVE-0-2015-0525)
Vulnerability from nvd – Published: 2015-03-12 10:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534928/100/0/threaded"
},
{
"name": "20150310 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Mar/40"
},
{
"name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/118"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534928/100/0/threaded"
},
{
"name": "20150310 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Mar/40"
},
{
"name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/118"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534928/100/0/threaded"
},
{
"name": "20150310 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Mar/40"
},
{
"name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/118"
},
{
"name": "https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html"
},
{
"name": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0525",
"datePublished": "2015-03-12T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0524 (GCVE-0-2015-0524)
Vulnerability from nvd – Published: 2015-03-12 10:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:10.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150318 EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534930/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securify.nl/advisory/SFY20141113/emc_secure_remote_services_virtual_edition_provisioning_component_is_affected_by_sql_injection.html"
},
{
"name": "20150318 EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/119"
},
{
"name": "20150310 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Mar/40"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150318 EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534930/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securify.nl/advisory/SFY20141113/emc_secure_remote_services_virtual_edition_provisioning_component_is_affected_by_sql_injection.html"
},
{
"name": "20150318 EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/119"
},
{
"name": "20150310 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Mar/40"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150318 EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534930/100/0/threaded"
},
{
"name": "https://www.securify.nl/advisory/SFY20141113/emc_secure_remote_services_virtual_edition_provisioning_component_is_affected_by_sql_injection.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20141113/emc_secure_remote_services_virtual_edition_provisioning_component_is_affected_by_sql_injection.html"
},
{
"name": "20150318 EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/119"
},
{
"name": "20150310 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Mar/40"
},
{
"name": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0524",
"datePublished": "2015-03-12T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:10.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11079 (GCVE-0-2018-11079)
Vulnerability from cvelistv5 – Published: 2018-10-18 22:00 – Updated: 2024-09-17 01:26
VLAI?
Summary
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database.
Severity ?
5.5 (Medium)
CWE
- Plaintext Password Storage Vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DELL EMC | ESRS Virtual Edition |
Affected:
unspecified , < 3.32.00.08
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name": "105694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105694"
},
{
"name": "1041877",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESRS Virtual Edition",
"vendor": "DELL EMC",
"versions": [
{
"lessThan": "3.32.00.08",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Plaintext Password Storage Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name": "105694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105694"
},
{
"name": "1041877",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041877"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
"ID": "CVE-2018-11079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESRS Virtual Edition",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.32.00.08"
}
]
}
}
]
},
"vendor_name": "DELL EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Plaintext Password Storage Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name": "105694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105694"
},
{
"name": "1041877",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041877"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11079",
"datePublished": "2018-10-18T22:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-17T01:26:15.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11080 (GCVE-0-2018-11080)
Vulnerability from cvelistv5 – Published: 2018-10-18 22:00 – Updated: 2024-09-17 02:52
VLAI?
Summary
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges.
Severity ?
7.3 (High)
CWE
- Improper File Permissions Vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DELL EMC | ESRS Virtual Edition |
Affected:
unspecified , < 3.32.00.08
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name": "105694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105694"
},
{
"name": "1041877",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESRS Virtual Edition",
"vendor": "DELL EMC",
"versions": [
{
"lessThan": "3.32.00.08",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper File Permissions Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name": "105694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105694"
},
{
"name": "1041877",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041877"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
"ID": "CVE-2018-11080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESRS Virtual Edition",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.32.00.08"
}
]
}
}
]
},
"vendor_name": "DELL EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper File Permissions Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name": "105694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105694"
},
{
"name": "1041877",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041877"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11080",
"datePublished": "2018-10-18T22:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-17T02:52:05.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4986 (GCVE-0-2017-4986)
Vulnerability from cvelistv5 – Published: 2017-06-14 21:00 – Updated: 2024-08-05 14:47
VLAI?
Summary
EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass Vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier |
Affected:
EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038696"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540721/30/0/threaded"
},
{
"name": "99036",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier"
}
]
}
],
"datePublic": "2017-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1038696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038696"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/540721/30/0/threaded"
},
{
"name": "99036",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier",
"version": {
"version_data": [
{
"version_value": "EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038696",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038696"
},
{
"name": "http://www.securityfocus.com/archive/1/540721/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540721/30/0/threaded"
},
{
"name": "99036",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-4986",
"datePublished": "2017-06-14T21:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6852 (GCVE-0-2015-6852)
Vulnerability from cvelistv5 – Published: 2015-12-28 15:00 – Updated: 2024-08-06 07:36
VLAI?
Summary
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:33.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135044/EMC-Secure-Remote-Services-Virtual-Edition-Path-Traversal.html"
},
{
"name": "20151222 ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Dec/130"
},
{
"name": "79661",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79661"
},
{
"name": "1034530",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135044/EMC-Secure-Remote-Services-Virtual-Edition-Path-Traversal.html"
},
{
"name": "20151222 ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Dec/130"
},
{
"name": "79661",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79661"
},
{
"name": "1034530",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-6852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/135044/EMC-Secure-Remote-Services-Virtual-Edition-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135044/EMC-Secure-Remote-Services-Virtual-Edition-Path-Traversal.html"
},
{
"name": "20151222 ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Dec/130"
},
{
"name": "79661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79661"
},
{
"name": "1034530",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-6852",
"datePublished": "2015-12-28T15:00:00",
"dateReserved": "2015-09-10T00:00:00",
"dateUpdated": "2024-08-06T07:36:33.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0544 (GCVE-0-2015-0544)
Vulnerability from cvelistv5 – Published: 2015-07-05 10:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032740",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032740"
},
{
"name": "20150626 ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jun/132"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032740",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032740"
},
{
"name": "20150626 ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jun/132"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032740",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032740"
},
{
"name": "20150626 ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jun/132"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0544",
"datePublished": "2015-07-05T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0543 (GCVE-0-2015-0543)
Vulnerability from cvelistv5 – Published: 2015-07-05 10:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032740",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032740"
},
{
"name": "20150626 ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jun/132"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032740",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032740"
},
{
"name": "20150626 ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jun/132"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032740",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032740"
},
{
"name": "20150626 ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jun/132"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0543",
"datePublished": "2015-07-05T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0524 (GCVE-0-2015-0524)
Vulnerability from cvelistv5 – Published: 2015-03-12 10:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:10.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150318 EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534930/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securify.nl/advisory/SFY20141113/emc_secure_remote_services_virtual_edition_provisioning_component_is_affected_by_sql_injection.html"
},
{
"name": "20150318 EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/119"
},
{
"name": "20150310 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Mar/40"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150318 EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534930/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securify.nl/advisory/SFY20141113/emc_secure_remote_services_virtual_edition_provisioning_component_is_affected_by_sql_injection.html"
},
{
"name": "20150318 EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/119"
},
{
"name": "20150310 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Mar/40"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150318 EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534930/100/0/threaded"
},
{
"name": "https://www.securify.nl/advisory/SFY20141113/emc_secure_remote_services_virtual_edition_provisioning_component_is_affected_by_sql_injection.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20141113/emc_secure_remote_services_virtual_edition_provisioning_component_is_affected_by_sql_injection.html"
},
{
"name": "20150318 EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/119"
},
{
"name": "20150310 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Mar/40"
},
{
"name": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0524",
"datePublished": "2015-03-12T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:10.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0525 (GCVE-0-2015-0525)
Vulnerability from cvelistv5 – Published: 2015-03-12 10:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534928/100/0/threaded"
},
{
"name": "20150310 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Mar/40"
},
{
"name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/118"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534928/100/0/threaded"
},
{
"name": "20150310 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Mar/40"
},
{
"name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/118"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534928/100/0/threaded"
},
{
"name": "20150310 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Mar/40"
},
{
"name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/118"
},
{
"name": "https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html"
},
{
"name": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0525",
"datePublished": "2015-03-12T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}