Computer Security
[EN] securityvulns.ru no-pyccku


EMC Smarts security vulnerabilities
Published:01.04.2013
Source:
SecurityVulns ID:12975
Type:remote
Threat Level:
5/10
Description:Crossite scripting in different applications, Smarts Network Configuration Manager authentication bypass.
Affected:EMC : Smarts 9.2
CVE:CVE-2013-0936 (Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Smarts Service Assurance Manager, Smarts Server Manager, Smarts VoIP Availability Manager, Smarts Network Protocol Manager, and Smarts MPLS Manager before 9.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.)
 CVE-2013-0935 (EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors.)
Original documentdocumentEMC, ESA-2013-016: EMC Smarts Network Configuration Manager (01.04.2013)
 documentEMC, ESA-2013-018: EMC Smarts Product - Cross Site Scripting Vulnerability (01.04.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod