Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.