RSA Authentication Manager 8.2 SP1 Patch 2 contains a fix for a brute force PIN-guessing vulnerability. This Self-Service Console vulnerability could potentially be exploited by malicious users and would impact a victim's ability to access protected resources. It requires that the victim's Self-Service Console credentials were compromised.
77aa2d399d4cb516fc5ff38029d6ead28e25e859e723af948bdbc87aeb25d0fe
RSA has announced security fixes to address an environmental variable disclosure vulnerability in RSA enVision 4.x.
97f7dbd3b90747a39a85bb786df93e20edc32f71fe20d64447b9568be6609ee7
EMC NetWorker Server 7.5.x and 7.6.x contain a buffer overflow vulnerability which may be exploited to cause a denial of service or, possibly, arbitrary code execution.
0c2f16df9895b9a9de4b10982e56916be916e3bb0dc120e8232b516c0554f882
EMC SourceOne Web Search contains a vulnerability that may, under certain circumstances, log sensitive user credential information in plain text to the OS log of the web server. This can potentially be exploited by an unprivileged user with access to log information to gain access to the protected SourceOne components.
a20358ddd82913b5ef03b2c91d8ddbc986fe4b397263b780c91a7e8644021396
RSA, The Security Division of EMC, announces security fixes and improvements for RSA SecurID Software Token 4.1 for Microsoft Windows. This release addresses an Insecure Library Loading vulnerability within RSA SecurID Software Token for Windows. This release also provides an alternate installation package for customers who do not require the software token automation API features of the product.
173128391433f9f53094b5c9d41cdbcabc710ca350ef8bec7635e2bac54b927a
An issue with RSA Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the Device Recovery capability and Device Identification used by the defined policy.
6ff0906cd0a9a6a6154410f613b726bbb204a06a00455e14ef18b111baa522f6
RSA has delivered an update on RSA Key Manager Appliance 2.7 Service Pack 1 that includes security-related component updates, including Oracle Critical Patch Update (CPU) July 2011 and RSA Access Manager Server, a security vulnerability fix, hot fix roll-ups and bug fixes.
b3b3018dfe32899d541965ac824cd23af6a61e18beae800a1a6ae93c827686e0
A file-blocking feature introduced in EMC Documentum eRoom version 7.3 allows site administrators to employ a security control to block certain file types from being uploaded or opened in eRoom on a site-wide basis. A flaw in validation may allow an authenticated user to bypass this security control and upload arbitrary files to eRoom.
d954efcdca333f262b5b6caa9f5bbb4209304e9d881a28e25f7fce93a16e493f
Multiple EMC Ionix products contain a buffer overflow vulnerability. The vulnerability may allow a remote unauthenticated user to send a specially-crafted message over TCP or UDP to cause a denial of service or, possibly, execute arbitrary code.
3f9ddf9e65f8cb45de206c4527ea70f75c012dbcc6185c6fb3ed11642757ce68
EMC Avamar software contains a potential privilege enforcement bypass vulnerability. This could allow a domain administrator or operator to restore data from and/or to clients in another domain to which the administrator or operator is not intended to have access rights. This flaw may also allow domain administrators or operators to view information about backup, restore and replication activities associated within another domain. Versions 4.x, 5.0.x, and 6.0.x are affected.
bec2f9616acbde29cd08864bc01d38660afb753f221e06efd26259818e4f716a
RSA, the security division of EMC, announces security fixes to address two security vulnerabilities in RSA enVision. These include arbitrary file retrieval and credentials being mailed in the clear.
21733d753cf541d05c9bdb1f1335a9efc8d4ec5ead044111b3d8aaaab1ffcf89
EMC AutoStart contains multiple buffer overflow vulnerabilities which can be exploited to potentially cause a denial of service, or possibly, execute arbitrary code within the context of the affected application. Versions 5.3.x and 5.4.x are affected.
c6c9c42100d678b45b46b99d67e332a94acb32e5e795399054df43273d774351
An issue with Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the out-of-the-box available authentication methods. In certain circumstances, when authentication information is compromised, and with the knowledge of additional session information, the authentication information might be reused within an active session.
705640844e3218280739e05b70454508fb07cd93b7ee35a36dbdff0c16b67e13
A vulnerability exists in EMC Data Protection Advisor versions prior to 5.8.1 in which sensitive information may be exposed in clear text in the configuration file.
9294e4bb8f2203229a5181951b2da900fd93ca05828d5ac6955e058f59d54f4b
EMC Captiva eInput version 2.1.1 contains two vulnerabilities which can be exploited for conducting cross-site scripting attacks, retrieving files on an affected system, or causing a denial of service.
bc92b2d9a013285c1928bead886ff5ec03c3d95c922ae8fad6f32a84f344df43
EMC Documentum eRoom's Indexing Server contains a buffer overflow vulnerability which can be exploited to cause a denial of service, or possibly, arbitrary code execution. 7.x versions are affected.
768d2cd711fccb9c0a1c4db644f63ab576e893b5eb7d182b45376275e8da7e33
EMC SourceOne Email Management may allow the disclosure of application-sensitive information using ASP.NET Application Tracing. The ASP.NET application trace is enabled in affected versions of EMC SourceOne Email Management. This trace file may contain application-sensitive information that can be accessed by a remote user. Authentication is required to access the trace file.
ddd7c7e0a71fa4db5133c04ad697430cdfacda14107b5069c65c0df1607cefe9
A potential cross-site scripting vulnerability, caused by improper input validation and exploitable in certain situations, has been identified in RSA DLP Enterprise Manager versions 8.x.
38cd844b80979478bd8aa20e4c0f59b355da0733e4ab4803455be0aa2f29a4f0
A potential cross-site scripting vulnerability has been identified in RSA Adaptive Authentication (On-Premise) that could be exploited in certain circumstances. This is due to an input validation error in a Flash Shockwave file provided by the Adaptive Authentication system.
a83fabf54ed5f3331ab76f5aae6561209b00f4bf7ffb46fbdc69a206932bb910
EMC NetWorker contains a potential security vulnerability that can be exploited to execute malicious code with elevated privileges on the affected system.
865a9f3693f441082930e4366c848c4a8368c6122943070f7ee2590626605e5f
A vulnerability exists in EMC Replication Manager which is embedded in NetWorker Module for Microsoft Applications (NMM). The vulnerability may allow arbitrary code execution on vulnerable installations of the product. Versions affected include EMC NetWorker Module for Microsoft Applications 2.1.x / 2.2.x.
0bf8111e108fe2a222a6dfcc4cca63a04d783a161a247e687ec31c6cc9b95587
EMC Data Protection Advisor Collector for Solaris SPARC contains a potential security vulnerability that can be exploited to execute malicious code with elevated privileges on the affected system. EMC Data Protection Advisor Collector for Solaris SPARC versions 5.7 earlier than build 5833 and 5.7.1 earlier than build 5833 are affected.
00472255871cf6439ec8d34024b0182cd32bf08db9cecfa4c6e34e199da974b9
RSA Access Manager Server contains a potential vulnerability due to improper input handling that could be exploited by malicious people to gain unauthorized access to protected resources. Versions 5.5.x, 6.0.x, and 6.1.x are affected.
449ef96e8d46bd914e2bdef9ef656182b6dd2a2b660178b9639ff8ed403fda87
EMC Avamar utilizes an internally developed service utility which can potentially transmit customer-sensitive information in clear text for certain events to other EMC internal systems as part of normal operations. Emails configured to be sent by the customer to notify about these events may also potentially contain sensitive information. Versions 5.0.0-407 and later but prior to 5.0.4 are affected.
9a390dc3cc984b6c2a56e2f3a6fcacfde236c63f99649b20ad281219bc7f950a
EMC Avamar contains a potential privilege escalation vulnerability that may allow an authenticated user to obtain escalated administrative privileges in the affected system. Versions 5.0.4-26 and below are affected.
04f8e91f925dd81db300371745a3fc691eba8975aa3bd0d81547fb9578dc8bad
EMC Replication Manager contains a potential vulnerability that may allow a remote unauthenticated user to execute arbitrary code on vulnerable installations of EMC Replication Manager. Affected products include EMC Replication Manager versions earlier than 5.3 and EMC NetWorker Module for Microsoft Applications versions 2.1.x and 2.2.x.
4c30e9aed08c9c586089b2db66c9805be6a020c01be1c707e3e2691828f1e134