emc security advisories
18 threat alerts tracking vulnerabilities and security advisories that affect emc products.
Vulnios monitors emc CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent emc security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2016-0913 — emc — networker_module_for_microsoft_applications, replication_manager
The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to
criticalCVE-2016-0913Critical Vulnerability: CVE-2016-0917 — emc — vnx1_oe_firmware, vnx2_oe_firmware
The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before
criticalCVE-2016-0917Critical Vulnerability: CVE-2016-0922 — emc — vipr_srm
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.
criticalCVE-2016-0922Critical Vulnerability: CVE-2016-0903 — emc — avamar_server
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data v
criticalCVE-2016-0903Critical Vulnerability: CVE-2016-0916 — emc — networker
EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWo
criticalCVE-2016-0916Critical Vulnerability: CVE-2008-0961 — emc — diskxtender
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.
criticalCVE-2008-0961Critical Vulnerability: CVE-2017-8020 — emc — scaleio
An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root priv
criticalCVE-2017-8020Critical Vulnerability: CVE-2017-14378 — emc — rsa_authentication_agent_api_for_c, rsa_authentication_agent_sdk_for_c
EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability."
criticalCVE-2017-14378Critical Vulnerability: CVE-2017-8015 — emc — appsync
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
criticalCVE-2017-8015Critical Vulnerability: CVE-2017-4976 — emc — esrs_policy_manager
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and g
criticalCVE-2017-4976Critical Vulnerability: CVE-2017-4989 — emc — avamar_server
In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the
criticalCVE-2017-4989Critical Vulnerability: CVE-2017-4990 — emc — avamar_server
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously c
criticalCVE-2017-4990Critical Vulnerability: CVE-2017-4984 — emc — vnx2_firmware, vnx2
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a comma
criticalCVE-2017-4984Critical Vulnerability: CVE-2017-4982 — emc — mainframe_enablers_resourcepak_base
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise th
criticalCVE-2017-4982Critical Vulnerability: CVE-2017-2765 — emc — isilon_insightiq
EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to comp
criticalCVE-2017-2765Critical Vulnerability: CVE-2017-2767 — emc — smarts_network_configuration_manager
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contain
criticalCVE-2017-2767Critical Vulnerability: CVE-2017-2768 — emc — smarts_network_configuration_manager
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contain
criticalCVE-2017-2768Critical Vulnerability: CVE-2017-2766 — emc — documentum_eroom
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified pass
criticalCVE-2017-2766
Track emc exposure across your environment
Vulnios automatically cross-references your asset inventory against new emc CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan