These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2017-2765 is a critical authentication bypass vulnerability in EMC Isilon InsightIQ. According to NVD, affected releases include InsightIQ 3.0.0 through 4.1.0, and the issue is rated CVSS 3.0 9.8 because it is network-exploitable, requires no privileges or user interaction, and can impact confidentiality, integrity, and availability.
CVE-2016-6649 describes multiple command injection vulnerabilities in EMC RecoverPoint and EMC RecoverPoint for Virtual Machines. According to the CVE description, a malicious administrator with configuration privileges could bypass the user interface and escalate privileges to root. The CVE was published on 2017-02-03 and is rated CVSS 6.7 (Medium).
CVE-2016-6648 is a sensitive information disclosure issue in EMC RecoverPoint and EMC RecoverPoint for Virtual Machines. The flaw stems from incorrect permissions on a sensitive system file, allowing a malicious administrator with configuration privileges to access information that should not be exposed and potentially compromise the affected system. NVD rates the issue as medium severity and classifies i [truncated]
CVE-2016-0890 affects EMC PowerPath Virtual (Management) Appliance 2.0 and 2.0 SP1. The published record describes a sensitive information disclosure issue that could potentially be used by a malicious user to compromise the affected system. NVD classifies the weakness as CWE-200 and rates the issue medium severity with network access, low privileges, no user interaction, and high attack complexity.
CVE-2016-9870 describes an LDAP injection weakness in EMC Isilon OneFS that could allow a malicious user to compromise affected systems. The issue was publicly recorded on 2017-01-23 and applies to multiple OneFS release families, including 7.1.0.x, 7.1.1.0-7.1.1.10, 7.2.0.x, 7.2.1.0-7.2.1.2, and 8.0.0.0.
CVE-2016-8213 describes a stored cross-site scripting (XSS) vulnerability affecting multiple EMC Documentum products and versions. The issue was publicly disclosed in the CVE record on 2017-01-23. NVD classifies it as CWE-79 and rates it Medium, with a CVSS 3.0 vector of AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. In practical terms, this is a web application content-injection problem that can affect users who l [truncated]