) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:emc:secure_remote_services:3.03::~~virtual~~~
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-6852 |
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. Published: December 28, 2015; 10:59:01 AM -0500 |
V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2015-0544 |
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value. Published: July 05, 2015; 6:59:01 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
| CVE-2015-0543 |
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: July 05, 2015; 6:59:00 AM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
| CVE-2015-0525 |
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Published: March 12, 2015; 6:59:04 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2015-0524 |
SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: March 12, 2015; 6:59:03 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |