83 matches found
CVE-2016-6645
The CVE-2016-6645 entry applies to EMC Unisphere for VMAX Virtual Appliance and Solutions Enabler Virtual Appliance 8.x prior to 8.3.0. The vulnerability stems from the vApp Manager’s web interface, where crafted input to GeneralCmdRequest, PersistantDataRequest, or GetCommandExecRequest allows a...
CVE-2016-6646
The CVE-2016-6646 entry concerns EMC Unisphere for VMAX Virtual Appliance (vApp Manager) and Solutions Enabler Virtual Appliance. Affects 8.x releases prior to 8.3.0 where the vApp Manager web application processes crafted input via GetSymmCmdRequest or RemoteServiceHandler classes, enabling remo...
CVE-2016-6646
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the 1 GetSymmCmdRequest or 2 RemoteServiceHandler class...
CVE-2016-6645
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the 1 GeneralCmdRequest, 2 PersistantDataRequest, or 3...
EMC Unisphere for VMAX vApp Manager Arbitrary File Write Vulnerability
EMC Unisphere for VMAX is a set of management interfaces for the VMAX storage family from EMC Corporation USA. An arbitrary file write vulnerability exists in the HTTP servlet in vApp Manager in EMC Unisphere for VMAX versions prior to 8.2.0, which can be exploited by a remote attacker to write...
CVE-2016-0889
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname...
CVE-2016-0889
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname...
Design/Logic Flaw
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname...
CVE-2016-0889
The CVE concerns EMC Unisphere for VMAX Virtual Appliance, specifically the vApp Manager HTTP servlet. Affected: vApp Manager in EMC Unisphere for VMAX builds prior to 8.2.0. Root cause: an HTTP servlet vulnerability allows an attacker to write arbitrary files via a crafted pathname. Impact: enab...
CVE-2015-0545
EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol JDWP service, which allows remote attackers to execute arbitrary code via unspecified vectors...
Code injection
EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol JDWP service, which allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2015-0545
EMC Unisphere for VMAX 8.x before 8.0.3.4 enables the Java Debug Wire Protocol (JDWP) service, which could allow remote attackers to execute arbitrary code. Affected products are EMC Unisphere for VMAX 8.0.x prior to 8.0.3.4; EMC’s security advisory and related CVE records confirm this is a remot...
CVE-2015-0545
EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol JDWP service, which allows remote attackers to execute arbitrary code via unspecified vectors...
ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability EMC Identifier: ESA-2015-102 CVE Identifier: CVE-2015-0545 Severity Rating: CVSS v2 Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C Affected products: • EMC Unisphere for VMAX 8.0.0 ...
EMC Unisphere for VMAX code execution
JDWP access is possible...
EMC Unisphere for VMAX Remote Code Execution Vulnerability
EMC Unisphere for VMAX is the advanced graphical user interface. EMC Unisphere for VMAX with the JDWP service enabled enables an unauthenticated attacker to execute arbitrary code on the affected system...
EMC Unisphere for VMAX information leakage
Under some conditions cleartext password is logged...
ESA-2013-074: EMC Unisphere for VMAX Information Disclosure Vulnerability
ESA-2013-074.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-074: EMC Unisphere for VMAX Information Disclosure Vulnerability EMC Identifier: ESA-2013-074 CVE Identifier: CVE-2013-3287 Severity Rating: CVSS v2 Base Score: 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C Affected products • EMC Unisphere...
CVE-2013-3287
EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console...
Default credentials
EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console...