Secure Remote Services Security Vulnerabilities and Issues — Secure Remote Services CVE List

EmcSecure Remote Services

8 matches found

CVE•added 2015/03/12 10:0 a.m.•49 views

CVE-2015-0524

The ESRS VE Gateway Provisioning service (EMC Secure Remote Services Virtual Edition) versions 3.02 and 3.03 contain a SQL injection vulnerability (CVE-2015-0524). The vulnerability, described across multiple sources, allows a remote attacker to retrieve arbitrary data, interfere with application...

7.5CVSS8.5AI score0.0209EPSS

CVE•added 2017/06/14 9:0 p.m.•49 views

CVE-2017-4986

CVE-2017-4986 affects EMC ESRS VE 3.18 and earlier. The connected CNVD entry for EMC ESRS VE Information Disclosure describes a vulnerability in ESRS VE versions up to 3.18 where an attacker could compromise the affected system through an authentication bypass. The base CVE description from NVD s...

5.3CVSS5.3AI score0.01772EPSS

CVE•added 2015/07/05 10:0 a.m.•48 views

CVE-2015-0544

EMC Secure Remote Services Virtual Edition (ESRS VE) before 3.06 is affected by insufficient randomness in session cookie generation, enabling potential session hijacking. Affected versions include ESRS VE 3.02–3.04; EMC released 3.06 to address this issue. The vulnerability is documented as a hi...

9.3CVSS6.8AI score0.02518EPSS

CVE•added 2015/07/05 10:0 a.m.•47 views

CVE-2015-0543

CVE-2015-0543 affects EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x prior to 3.06. The issue is insufficient validation of X.509 certificates from SSL servers, enabling MITM attackers to spoof servers and potentially access sensitive information. Affected versions include ESRS VE 3.02–...

5.8CVSS6AI score0.00672EPSS

CVE•added 2018/10/18 10:0 p.m.•47 views

CVE-2018-11079

CVE-2018-11079 affects Dell EMC Secure Remote Services (ESRS) prior to 3.32.00.08. The vulnerability is plaintext storage of database credentials in a configuration file, allowing an authenticated user with access to that file to obtain the password and gain access to the application database. Se...

7.8CVSS7.7AI score0.00372EPSS

CVE•added 2018/10/18 10:0 p.m.•46 views

CVE-2018-11080

Affected product: Dell EMC ESRS (Secure Remote Services) / ESRS Virtual Edition. Vulnerability: Improper file permissions in multiple configuration files that are world-readable, enabling an authenticated attacker to access file contents and potentially elevate privileges. Versions impacted: ESRS...

7.8CVSS7.5AI score0.00368EPSS

CVE•added 2015/03/12 10:0 a.m.•43 views

CVE-2015-0525

The ESRS VE Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (versions 3.02 and 3.03) contains a command injection flaw that could allow an unauthenticated remote attacker to execute arbitrary OS commands. The vulnerability is tied to the Gateway Provisioning component; ...

7.5CVSS7.8AI score0.03656EPSS

CVE•added 2015/12/28 3:0 p.m.•40 views

CVE-2015-6852

CVE-2015-6852 affects EMC Secure Remote Services Virtual Edition 3.x prior to 3.10. The API is vulnerable to a directory traversal issue that allows remote authenticated users to read log files via a crafted parameter. The vulnerability is described in multiple sources (NVD/CNVD) with a CVSS v3 b...

4.3CVSS4.2AI score0.01974EPSS