PatchSiren

EMC CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL EMC CVE published 2017-02-08

CVE-2017-2765

CVE-2017-2765 is a critical authentication bypass vulnerability in EMC Isilon InsightIQ. According to NVD, affected releases include InsightIQ 3.0.0 through 4.1.0, and the issue is rated CVSS 3.0 9.8 because it is network-exploitable, requires no privileges or user interaction, and can impact confidentiality, integrity, and availability.

CRITICAL EMC CVE published 2017-02-03

CVE-2017-2768

CVE-2017-2768 is a critical improper authentication issue in EMC Network Configuration Manager (NCM). The affected versions listed in NVD are EMC NCM 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x. Because the vulnerability is rated 9.8 and the CVSS vector indicates network access, no privileges, and no user interaction, organizations should treat this as a high-priority exposure for any internet-facing or broadly [truncated]

CRITICAL EMC CVE published 2017-02-03

CVE-2017-2767

CVE-2017-2767 is a critical vulnerability in EMC Network Configuration Manager (NCM) affecting 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x. The NVD record describes it as a Java RMI remote code execution issue that could let a malicious user compromise the affected system. NVD rates the issue CVSS v3.0 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impact with no authentication or user interaction required.

CRITICAL EMC CVE published 2017-02-03

CVE-2017-2766

CVE-2017-2766 is a critical EMC Documentum eRoom issue involving an unverified password change vulnerability. NVD rates it CVSS 3.0 9.8 with network access, no privileges required, and no user interaction. In practical terms, the flaw can let a malicious actor change credentials without proper verification and potentially compromise the affected system.

MEDIUM EMC CVE published 2017-02-03

CVE-2016-9873

CVE-2016-9873 describes a DQL injection issue in EMC Documentum D2 versions 4.5 and 4.6. According to the published record, an authenticated low-privileged attacker could potentially force execution of arbitrary DQL commands, which may allow information exposure, data modification, or service disruption. The affected weakness is mapped to CWE-77 and carries a CVSS 3.0 score of 6.3 (Medium).

MEDIUM EMC CVE published 2017-02-03

CVE-2016-9872

CVE-2016-9872 describes a reflected cross-site scripting (XSS) vulnerability in EMC Documentum D2 versions 4.5 and 4.6. Because the flaw is reflected and requires user interaction, the main risk is session compromise or other client-side impact when a user is induced to open a crafted link or request. NVD maps the issue to CWE-79 and rates it CVSS 3.0 6.1 (Medium).

HIGH EMC CVE published 2017-02-03

CVE-2016-9871

CVE-2016-9871 is a privilege escalation vulnerability affecting EMC Isilon OneFS releases in the 7.1.0.x, 7.1.1.0-7.1.1.10, 7.2.0.x, and 7.2.1.0-7.2.1.3 lines. NVD rates the issue CVSS 3.0 7.2 High and classifies it as CWE-264, indicating an access-control and privilege-management weakness that could let an attacker compromise the affected system.

MEDIUM EMC CVE published 2017-02-03

CVE-2016-6649

CVE-2016-6649 describes multiple command injection vulnerabilities in EMC RecoverPoint and EMC RecoverPoint for Virtual Machines. According to the CVE description, a malicious administrator with configuration privileges could bypass the user interface and escalate privileges to root. The CVE was published on 2017-02-03 and is rated CVSS 6.7 (Medium).

MEDIUM EMC CVE published 2017-02-03

CVE-2016-6648

CVE-2016-6648 is a sensitive information disclosure issue in EMC RecoverPoint and EMC RecoverPoint for Virtual Machines. The flaw stems from incorrect permissions on a sensitive system file, allowing a malicious administrator with configuration privileges to access information that should not be exposed and potentially compromise the affected system. NVD rates the issue as medium severity and classifies i [truncated]

MEDIUM EMC CVE published 2017-02-03

CVE-2016-0890

CVE-2016-0890 affects EMC PowerPath Virtual (Management) Appliance 2.0 and 2.0 SP1. The published record describes a sensitive information disclosure issue that could potentially be used by a malicious user to compromise the affected system. NVD classifies the weakness as CWE-200 and rates the issue medium severity with network access, low privileges, no user interaction, and high attack complexity.

MEDIUM EMC CVE published 2017-01-25

CVE-2016-8215

CVE-2016-8215 describes a reflected cross-site scripting (XSS) issue in EMC RSA Security Analytics. The CVE was published on 2017-01-25 and NVD classifies the issue as CWE-79 with a medium CVSS 3.0 score of 6.1. The NVD record indicates affected RSA Security Analytics versions include 10.5 through 10.5.2 and 10.6 through 10.6.1, while the source description states that fixes are present in 10.5.3 and 10.6.2.

MEDIUM EMC CVE published 2017-01-25

CVE-2016-8214

CVE-2016-8214 describes a permissions and authorization weakness in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1. According to NVD, a malicious administrator could use the flaw to compromise Avamar servers. The issue is local, requires high privileges, and carries high confidentiality, integrity, and availability impact.

MEDIUM EMC CVE published 2017-01-23

CVE-2016-9870

CVE-2016-9870 describes an LDAP injection weakness in EMC Isilon OneFS that could allow a malicious user to compromise affected systems. The issue was publicly recorded on 2017-01-23 and applies to multiple OneFS release families, including 7.1.0.x, 7.1.1.0-7.1.1.10, 7.2.0.x, 7.2.1.0-7.2.1.2, and 8.0.0.0.

MEDIUM EMC CVE published 2017-01-23

CVE-2016-8213

CVE-2016-8213 describes a stored cross-site scripting (XSS) vulnerability affecting multiple EMC Documentum products and versions. The issue was publicly disclosed in the CVE record on 2017-01-23. NVD classifies it as CWE-79 and rates it Medium, with a CVSS 3.0 vector of AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. In practical terms, this is a web application content-injection problem that can affect users who l [truncated]