CVE-2014-4634

CVE-2014-4634 describes an unquoted Windows search path vulnerability in EMC Replication Manager (pre-5.5.2) and EMC AppSync (pre-2.1.0). The underlying issue is an unquoted service path used by Windows services, enabling a local attacker to abuse a Trojan horse executable whose name starts with ...

CVE-2013-6182

EMC Replication Manager prior to version 5.5 is affected by an unquoted file-path vulnerability that allows local privilege escalation via crafted scripts that reside in a parent directory of a target path. The root cause is unquoted elements in file paths used by user-created scripts, enabling a...

CVE-2011-0647

CVE-2011-0647 is a remote code execution vulnerability in EMC Replication Manager (embedded in NetWorker Module for Microsoft Applications) prior to version 5.3. The irccd.exe service exposes TCP port 6542 and accepts commands via an XML-based RunProgram function; an attacker can execute arbitrar...

CVE-2013-3272

EMC Replication Manager (RM) prior to version 5.4.4 logs encoded passwords in application log files, enabling local users to read sensitive credentials. Affected product: EMC Replication Manager (RM) before 5.4.4. Remediation: upgrade to RM 5.4.4; delete relevant server log files and reset expose...

CVE-2016-0913

The CVE-2016-0913 entry affects EMC Replication Manager (RM) and related modules: RM before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6. The vulnerability allows remote RM servers to execute arbitrary commands by placin...