EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.