Skip to main content

Vplex Geosynchrony

6 CVEs product

Monthly

CVE-2015-6850 HIGH This Week

EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Vplex Geosynchrony
NVD
CVSS 3.0
8.4
EPSS
0.1%
CVE-2015-6847 LOW Monitor

The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Vplex Geosynchrony
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-0635 HIGH This Week

Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Vplex Geosynchrony
NVD VulDB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-0634 MEDIUM This Month

EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Vplex Geosynchrony
NVD VulDB
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-0633 HIGH This Week

The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Vplex Geosynchrony
NVD VulDB
CVSS 2.0
7.7
EPSS
0.3%
CVE-2014-0632 CRITICAL Act Now

Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Vplex Geosynchrony
NVD VulDB
CVSS 2.0
9.0
EPSS
2.3%
EPSS 0% CVSS 8.4
HIGH This Week

EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Vplex Geosynchrony
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Vplex Geosynchrony
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Vplex Geosynchrony
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Vplex Geosynchrony
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Vplex Geosynchrony
NVD VulDB
EPSS 2% CVSS 9.0
CRITICAL Act Now

Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Vplex Geosynchrony
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy