57 matches found
Code injection
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
EMC VPLEX multiple security vulnerabilities
Directory traversal, protection bypass...
ESA-2014-016: EMC VPLEX Multiple Vulnerabilities
ESA-2014-016.txt ESA-2014-016: EMC VPLEX Multiple Vulnerabilities EMC Identifier: ESA-2014-016 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores Affected products: All versions from...
CVE-2014-0635
The CVE-2014-0635 entry concerns EMC VPLEX GeoSynchrony. Affected: VPLEX GeoSynchrony versions 4.0–5.2.1. Issue: session fixation allowing remote attackers to hijack web sessions via unspecified vectors. Root cause: not explicitly detailed in the provided documents beyond the existence of a sessi...
CVE-2014-0634
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 is affected by a Missing HttpOnly attribute in a Set-Cookie header for an unspecified cookie, which could allow remote attackers to access potentially sensitive information via script. Affected products: VPLEX GeoSynchrony 4.0–5.2.1. Root cause: absen...
CVE-2014-0633
EMC VPLEX GeoSynchrony GUI has a session-timeout validation flaw in versions 4.x and 5.x prior to 5.3, which could allow remote attackers to execute arbitrary code by leveraging an unattended workstation. The issue affects VPLEX GeoSynchrony 4.0–5.2.1, with EMC recommending upgrading to version 5...
CVE-2014-0632
Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors...
CVE-2014-0633
The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation...
CVE-2014-0634
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2014-0635
Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2014-0632
EMC VPLEX GeoSynchrony GUI path traversal vulnerability (CVE-2014-0632) affects GeoSynchrony 4.0–5.2.1; before 5.3, remote authenticated users could trigger arbitrary code execution via unspecified vectors. Root cause is a directory traversal flaw in the VPLEX GUI. Impact is remote code execution...
CVE-2013-3278
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file...
Design/Logic Flaw
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file...
CVE-2013-3278
CVE-2013-3278 affects EMC VPLEX/NV GeoSynchrony (5.2 SP1 and earlier). The vulnerability stores LDAP/AD bind passwords in cleartext inside the VPLEX management server configuration file, enabling local users with file access to obtain sensitive credentials. Supported impacted versions include Geo...
CVE-2013-3278
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file...
ESA-2013-060: EMC VPLEX Information Disclosure Vulnerability
ESA-2013-060.txt ESA-2013-060: EMC VPLEX Information Disclosure Vulnerability EMC Identifier: ESA-2013-060 CVE Identifier: CVE-2013-3278 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected products: • EMC VPLEX Local/Metro/Geo...
EMC VPLEX Information leakage
Cleartext passwords in configuration files...