Vulnerabilites related to emc - watch4net
CVE-2015-0516 (GCVE-0-2015-0516)
Vulnerability from cvelistv5
Published
2015-01-21 11:00
Modified
2024-08-06 04:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1031567 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/534929/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/72255 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html | mailing-list, x_refsource_BUGTRAQ | |
| https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2015/Mar/116 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:10.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "20150318 Path traversal vulnerability in EMC M\u0026R (Watch4net) MIB Browser",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534929/100/0/threaded"
},
{
"name": "72255",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72255"
},
{
"name": "20150120 ESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html"
},
{
"name": "20150318 Path traversal vulnerability in EMC M\u0026R (Watch4net) MIB Browser",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in EMC M\u0026R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1031567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "20150318 Path traversal vulnerability in EMC M\u0026R (Watch4net) MIB Browser",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534929/100/0/threaded"
},
{
"name": "72255",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72255"
},
{
"name": "20150120 ESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html"
},
{
"name": "20150318 Path traversal vulnerability in EMC M\u0026R (Watch4net) MIB Browser",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/116"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in EMC M\u0026R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "20150318 Path traversal vulnerability in EMC M\u0026R (Watch4net) MIB Browser",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534929/100/0/threaded"
},
{
"name": "72255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72255"
},
{
"name": "20150120 ESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"name": "https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html"
},
{
"name": "20150318 Path traversal vulnerability in EMC M\u0026R (Watch4net) MIB Browser",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/116"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0516",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:10.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0514 (GCVE-0-2015-0514)
Vulnerability from cvelistv5
Published
2015-01-21 11:00
Modified
2024-08-06 04:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html | x_refsource_MISC | |
| http://www.securitytracker.com/id/1031567 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/534923/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2015/Mar/112 | mailing-list, x_refsource_FULLDISC | |
| http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/72257 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html"
},
{
"name": "1031567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "20150318 EMC M\u0026R (Watch4net) data storage collector credentials are not properly protected",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534923/100/0/threaded"
},
{
"name": "20150318 EMC M\u0026R (Watch4net) data storage collector credentials are not properly protected",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/112"
},
{
"name": "20150120 ESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"name": "72257",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72257"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC M\u0026R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html"
},
{
"name": "1031567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "20150318 EMC M\u0026R (Watch4net) data storage collector credentials are not properly protected",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534923/100/0/threaded"
},
{
"name": "20150318 EMC M\u0026R (Watch4net) data storage collector credentials are not properly protected",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/112"
},
{
"name": "20150120 ESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"name": "72257",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72257"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC M\u0026R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html"
},
{
"name": "1031567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "20150318 EMC M\u0026R (Watch4net) data storage collector credentials are not properly protected",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534923/100/0/threaded"
},
{
"name": "20150318 EMC M\u0026R (Watch4net) data storage collector credentials are not properly protected",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/112"
},
{
"name": "20150120 ESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"name": "72257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72257"
},
{
"name": "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0514",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0513 (GCVE-0-2015-0513)
Vulnerability from cvelistv5
Published
2015-01-21 11:00
Modified
2024-08-06 04:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/72259 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1031567 | vdb-entry, x_refsource_SECTRACK | |
| http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "72259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72259"
},
{
"name": "1031567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "20150120 ESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M\u0026R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "72259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72259"
},
{
"name": "1031567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "20150120 ESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M\u0026R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72259"
},
{
"name": "1031567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "20150120 ESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0513",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6181 (GCVE-0-2013-6181)
Vulnerability from cvelistv5
Published
2013-12-28 02:00
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1029535 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/64517 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2013-12/0140.html | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/124585/EMC-Watch4net-Information-Disclosure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:43.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029535",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029535"
},
{
"name": "64517",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64517"
},
{
"name": "20131224 ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0140.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124585/EMC-Watch4net-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-06T14:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1029535",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029535"
},
{
"name": "64517",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64517"
},
{
"name": "20131224 ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0140.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/124585/EMC-Watch4net-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-6181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029535",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029535"
},
{
"name": "64517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64517"
},
{
"name": "20131224 ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0140.html"
},
{
"name": "http://packetstormsecurity.com/files/124585/EMC-Watch4net-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124585/EMC-Watch4net-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-6181",
"datePublished": "2013-12-28T02:00:00",
"dateReserved": "2013-10-21T00:00:00",
"dateUpdated": "2024-08-06T17:29:43.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0515 (GCVE-0-2015-0515)
Vulnerability from cvelistv5
Published
2015-01-21 11:00
Modified
2024-08-06 04:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1031567 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/72256 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:10.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "72256",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72256"
},
{
"name": "20150120 ESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in EMC M\u0026R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1031567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "72256",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72256"
},
{
"name": "20150120 ESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in EMC M\u0026R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "72256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72256"
},
{
"name": "20150120 ESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0515",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:10.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2015-01-21 15:17
Modified
2025-04-12 10:46
Severity ?
Summary
Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:watch4net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED56487F-4AA2-463F-9E14-F80639F88520",
"versionEndIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:vipr_srm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76B4F87A-7B05-439C-9CFF-1EEC3DFC20DB",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in EMC M\u0026R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file."
},
{
"lang": "es",
"value": "Vulnerabilidad en la restricci\u00f3n en la carga de archivos en EMC M\u0026R (tambi\u00e9n conocido como Watch4Net) anterior a 6.5u1 y ViPR SRM anterior a 3.6.1 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario mediante la carga y luego el acceso de un archivo ejecutable."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/434.html\"\u003eCWE-434: Unrestricted Upload of File with Dangerous Type\u003c/a\u003e",
"id": "CVE-2015-0515",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-21T15:17:13.713",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72256"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1031567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031567"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-21 15:17
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:watch4net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED56487F-4AA2-463F-9E14-F80639F88520",
"versionEndIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:vipr_srm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76B4F87A-7B05-439C-9CFF-1EEC3DFC20DB",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M\u0026R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades XSS en la interfaz de usuario de administraci\u00f3n en EMC M\u0026R (tambi\u00e9n conocido como Watch4Net) anterior a 6.5u1 y ViPR SRM anterior a 3.6.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios aprovech\u00e1ndose de privilegios de acceso para establecer valores modificados de campos sin especificar"
}
],
"id": "CVE-2015-0513",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-01-21T15:17:11.387",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72259"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1031567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031567"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-28 04:53
Modified
2025-04-11 00:51
Severity ?
Summary
EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:watch4net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8929591-6A4C-4235-84CA-00072768BBEB",
"versionEndIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:watch4net:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "635876A7-16B1-4A24-AC4F-03A63713DE1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:watch4net:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E60F05B-778D-498B-AED5-29D2ABC821A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges."
},
{
"lang": "es",
"value": "EMC Watch4Net antes de 6.3 almacena en texto plano las contrase\u00f1as del dispositivo encuestados en el repositorio de la instalaci\u00f3n, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante el aprovechamiento de los privilegios del repositorio."
}
],
"id": "CVE-2013-6181",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-28T04:53:06.570",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0140.html"
},
{
"source": "security_alert@emc.com",
"url": "http://packetstormsecurity.com/files/124585/EMC-Watch4net-Information-Disclosure.html"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/64517"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1029535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0140.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/124585/EMC-Watch4net-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029535"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-21 15:17
Modified
2025-04-12 10:46
Severity ?
Summary
EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:watch4net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED56487F-4AA2-463F-9E14-F80639F88520",
"versionEndIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:vipr_srm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76B4F87A-7B05-439C-9CFF-1EEC3DFC20DB",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC M\u0026R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack."
},
{
"lang": "es",
"value": "EMC M\u0026R (tambi\u00e9n conocido como Watch4Net) anterior a 6.5u1 y ViPR SRM anterior a 3.6.1 puede permitir a atacantes remotos obtener credenciales de centro de datos en texto claro aprovech\u00e1ndose de cierto acceso SRM que conlleva a un ataque de descifrado."
}
],
"id": "CVE-2015-0514",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-21T15:17:12.807",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"source": "security_alert@emc.com",
"url": "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/112"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/archive/1/534923/100/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/72257"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1031567"
},
{
"source": "security_alert@emc.com",
"tags": [
"Exploit"
],
"url": "https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534923/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-21 15:17
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:vipr_srm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76B4F87A-7B05-439C-9CFF-1EEC3DFC20DB",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:watch4net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED56487F-4AA2-463F-9E14-F80639F88520",
"versionEndIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in EMC M\u0026R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en EMC M\u0026R (tambi\u00e9n conocido como Watch4Net) anterior a 6.5u1 y ViPR SRM anterior a 3.6.1 permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de una URL modificada."
}
],
"id": "CVE-2015-0516",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-21T15:17:14.543",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/fulldisclosure/2015/Mar/116"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/archive/1/534929/100/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/72255"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1031567"
},
{
"source": "security_alert@emc.com",
"tags": [
"Exploit"
],
"url": "https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Mar/116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534929/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}