Emc Vplex Geosynchrony — known CVE vulnerabilities
Every CVE whose affected-product data names Emc Vplex Geosynchrony, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2014-0632 — CVSS 9.0 (critical): Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary…
CVE-2015-6850 — CVSS 8.4 (high): EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to…
CVE-2014-0633 — CVSS 7.7 (high): The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for…
CVE-2014-0635 — CVSS 7.5 (high): Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via…
CVE-2014-0634 — CVSS 6.0 (medium): EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which…
CVE-2015-6847 — CVSS 2.1 (low): The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows…