Summary
| Detail | |||
|---|---|---|---|
| Vendor | Emc | First view | 2014-04-01 |
| Product | Vplex Geosynchrony | Last view | 2014-04-01 |
| Version | 5.0 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:emc:vplex_geosynchrony | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2014-04-01 | CVE-2014-0635 | Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. |
| 6 | 2014-04-01 | CVE-2014-0634 | EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. |
| 7.7 | 2014-04-01 | CVE-2014-0633 | The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. |
| 9 | 2014-04-01 | CVE-2014-0632 | Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (2) | CWE-20 | Improper Input Validation |
| 25% (1) | CWE-287 | Improper Authentication |
| 25% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
