6 matches found
CVE-2014-0632
EMC VPLEX GeoSynchrony GUI path traversal vulnerability (CVE-2014-0632) affects GeoSynchrony 4.0–5.2.1; before 5.3, remote authenticated users could trigger arbitrary code execution via unspecified vectors. Root cause is a directory traversal flaw in the VPLEX GUI. Impact is remote code execution...
CVE-2014-0633
EMC VPLEX GeoSynchrony GUI has a session-timeout validation flaw in versions 4.x and 5.x prior to 5.3, which could allow remote attackers to execute arbitrary code by leveraging an unattended workstation. The issue affects VPLEX GeoSynchrony 4.0–5.2.1, with EMC recommending upgrading to version 5...
CVE-2014-0634
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 is affected by a Missing HttpOnly attribute in a Set-Cookie header for an unspecified cookie, which could allow remote attackers to access potentially sensitive information via script. Affected products: VPLEX GeoSynchrony 4.0–5.2.1. Root cause: absen...
CVE-2014-0635
The CVE-2014-0635 entry concerns EMC VPLEX GeoSynchrony. Affected: VPLEX GeoSynchrony versions 4.0–5.2.1. Issue: session fixation allowing remote attackers to hijack web sessions via unspecified vectors. Root cause: not explicitly detailed in the provided documents beyond the existence of a sessi...
CVE-2015-6847
The CVE-2015-6847 entry involves EMC VPLEX GeoSynchrony 5.4 SP1 prior to P3, where the default configuration stores cleartext NAVISPHERE GUI passwords in a log file. This exposes sensitive credentials to local users who can read the log, constituting a local information-disclosure vulnerability. ...
CVE-2015-6850
EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 have a default root password that allows local users to gain privileges by leveraging an active login session. Affected component: root account on GeoSynchrony; root cause: default credential exposed on install; impact: local privile...