Summary
Detail | |||
---|---|---|---|
Vendor | Emc | First view | 2014-04-01 |
Product | Vplex Geosynchrony | Last view | 2014-04-01 |
Version | 5.0 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:emc:vplex_geosynchrony |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2014-04-01 | CVE-2014-0635 | Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. |
6 | 2014-04-01 | CVE-2014-0634 | EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. |
7.7 | 2014-04-01 | CVE-2014-0633 | The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. |
9 | 2014-04-01 | CVE-2014-0632 | Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (2) | CWE-20 | Improper Input Validation |
25% (1) | CWE-287 | Improper Authentication |
25% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |