Skip to main content

Smarts Network Configuration Manager

6 CVEs product

Monthly

CVE-2017-8017 MEDIUM This Month

EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smarts Network Configuration Manager
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2768 CRITICAL Act Now

EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smarts Network Configuration Manager
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-2767 CRITICAL Act Now

EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.8% and no vendor patch available.

RCE Authentication Bypass Java Smarts Network Configuration Manager
NVD
CVSS 3.0
9.8
EPSS
10.8%
CVE-2014-2509 MEDIUM This Month

Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie. Rated medium severity (CVSS 5.4). No vendor patch available.

Information Disclosure Smarts Network Configuration Manager
NVD
CVSS 2.0
5.4
EPSS
0.3%
CVE-2013-2717 CRITICAL Act Now

Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9.2 have unknown impact and attack vectors, a different. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Smarts Network Configuration Manager
NVD
CVSS 2.0
9.3
EPSS
0.4%
CVE-2013-0935 CRITICAL Act Now

EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Java Authentication Bypass Smarts Network Configuration Manager
NVD
CVSS 2.0
9.3
EPSS
1.8%
EPSS 0% CVSS 6.1
MEDIUM This Month

EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smarts Network Configuration Manager
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smarts Network Configuration Manager
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.8% and no vendor patch available.

RCE Authentication Bypass Java +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie. Rated medium severity (CVSS 5.4). No vendor patch available.

Information Disclosure Smarts Network Configuration Manager
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9.2 have unknown impact and attack vectors, a different. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Smarts Network Configuration Manager
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Java Authentication Bypass +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy