Vplex Geosynchrony Security Vulnerabilities and Issues — Vplex Geosynchrony CVE List

Lucene search

EmcVplex Geosynchrony

6 matches found

CVE•added 2014/04/01 6:28 a.m.•47 views

CVE-2014-0632

Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors.

9CVSS7.5AI score0.02702EPSS

CVE•added 2014/04/01 6:28 a.m.•38 views

CVE-2014-0634

EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

6CVSS6.3AI score0.00366EPSS

CVE•added 2014/04/01 6:28 a.m.•37 views

CVE-2014-0635

Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.

7.5CVSS6.8AI score0.00301EPSS

CVE•added 2014/04/01 6:28 a.m.•35 views

CVE-2014-0633

The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.

7.7CVSS7.9AI score0.00276EPSS

CVE•added 2015/11/18 11:59 a.m.•34 views

CVE-2015-6847

The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file.

2.1CVSS5.9AI score0.00062EPSS

CVE•added 2015/12/28 3:59 p.m.•31 views

CVE-2015-6850

EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session.

8.4CVSS8.3AI score0.00054EPSS