National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 7 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-11080

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges.

Published: October 18, 2018; 06:29:00 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11079

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database.

Published: October 18, 2018; 06:29:00 PM -04:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2015-6852

Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.

Published: December 28, 2015; 10:59:01 AM -05:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2015-0544

EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.

Published: July 05, 2015; 06:59:01 AM -04:00
V2: 9.3 HIGH
CVE-2015-0543

EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: July 05, 2015; 06:59:00 AM -04:00
V2: 5.8 MEDIUM
CVE-2015-0525

The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

Published: March 12, 2015; 06:59:04 AM -04:00
V2: 7.5 HIGH
CVE-2015-0524

SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 12, 2015; 06:59:03 AM -04:00
V2: 7.5 HIGH