3 matches found
CVE-2012-2285
CVE-2012-2285 affects EMC Cloud Tiering Appliance (CTA) and CTA/VE versions up to 9.0 that allow remote attackers to obtain GUI administrative access by sending a crafted file during authentication. The root cause is an authentication bypass that can grant full GUI admin privileges, as detailed i...
CVE-2014-0644
The CVE-2014-0644 flaw affects EMC Cloud Tiering Appliance (CTA) 10 through SP1, with an unauthenticated XXE in the/ api/login flow that permits reading arbitrary files (e.g., /etc/shadow) with root privileges. Public references describe an unauthenticated XXE arbitrary file read, and multiple ad...
CVE-2014-0645
EMC Cloud Tiering Appliance (CTA) versions 9.x–10 SP1 and Cloud Tiering Appliance (CTA) 10.x/10 SP1 Vulnerabilities: two issues are described. First, CVE-2014-0645: default root/super/admin passwords are DES-encrypted and stored, enabling context-dependent attackers to brute-force sensitive data ...