Vulnerability Details: CVE-2015-6848

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-27 Nov, 2015 | 02:00
Updated At-06 Aug, 2024 | 07:36

EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)
Affected Products
Vendor: n/a
Product: n/a
Versions affected: n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink: http://seclists.org/bugtraq/2015/Nov/121
Resource: mailing-list, x_refsource_BUGTRAQ
Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: http://seclists.org/bugtraq/2015/Nov/121
Resource: mailing-list, x_refsource_BUGTRAQ, x_transferred
National Vulnerability Database (NVD)
nvd.nist.gov
Source: security_alert@emc.com
Published At: 27 Nov, 2015 | 02:59
Updated At: 12 Apr, 2025 | 10:46
CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 8.5
Base severity: HIGH
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
CPE Matches
ELAN Microelectronics Corporation (emc), isilon_onefs, versions up to 7.1.1.0 (inclusive): cpe:2.3:o:emc:isilon_onefs:*:*:*:*:*:*:*:*
ELAN Microelectronics Corporation (emc), isilon_onefs, 7.1.1.1: cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*
ELAN Microelectronics Corporation (emc), isilon_onefs, 7.1.1.2: cpe:2.3:o:emc:isilon_onefs:7.1.1.2:*:*:*:*:*:*:*
ELAN Microelectronics Corporation (emc), isilon_onefs, 7.1.1.3: cpe:2.3:o:emc:isilon_onefs:7.1.1.3:*:*:*:*:*:*:*
ELAN Microelectronics Corporation (emc), isilon_onefs, 7.1.1.4: cpe:2.3:o:emc:isilon_onefs:7.1.1.4:*:*:*:*:*:*:*
ELAN Microelectronics Corporation (emc), isilon_onefs, 7.2.0.0: cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*
ELAN Microelectronics Corporation (emc), isilon_onefs, 7.2.0.1: cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*
ELAN Microelectronics Corporation (emc), isilon_onefs, 7.2.0.2: cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*
ELAN Microelectronics Corporation (emc), isilon_onefs, 7.2.1.0: cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-284
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://seclists.org/bugtraq/2015/Nov/121
Source: security_alert@emc.com
Resource: N/A
Hyperlink: http://seclists.org/bugtraq/2015/Nov/121
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A


Similar CVEs

18 Records found

CVE-2006-7199
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.5 (HIGH)
EPSS-0.70% / 71.03%
7 Day CHG~0.00%
Published-30 Apr, 2007 | 23:00
Updated-16 Sep, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages."

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation
Product-rsa_security_sitekey, n/a
CVE-2014-4618
Matching Score-8
Assigner-Dell
CVSS Score-8.5 (HIGH)
EPSS-1.02% / 76.31%
7 Day CHG~0.00%
Published-20 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object.

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation
Product-documentum_content_server, n/a
CVE-2014-2515
Matching Score-8
Assigner-Dell
CVSS Score-8.5 (HIGH)
EPSS-1.02% / 76.31%
7 Day CHG~0.00%
Published-20 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation
Product-documentum_d2, n/a
CVE-2014-4621
Matching Score-8
Assigner-Dell
CVSS Score-8.5 (HIGH)
EPSS-0.75% / 72.19%
7 Day CHG~0.00%
Published-17 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation
Product-documentum_content_server, n/a
CVE-2014-2507
Matching Score-8
Assigner-Dell
CVSS Score-8.5 (HIGH)
EPSS-2.15% / 83.56%
7 Day CHG~0.00%
Published-08 Jun, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods.

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation
Product-documentum_content_server, n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-2506
Matching Score-8
Assigner-Dell
CVSS Score-8.5 (HIGH)
EPSS-1.28% / 78.73%
7 Day CHG~0.00%
Published-08 Jun, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation
Product-documentum_content_server, n/a
CVE-2014-0629
Matching Score-8
Assigner-Dell
CVSS Score-8.5 (HIGH)
EPSS-0.55% / 66.83%
7 Day CHG~0.00%
Published-06 Mar, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation
Product-documentum_taskspace, n/a
CVE-2011-0648
Matching Score-8
Assigner-Dell
CVSS Score-8.5 (HIGH)
EPSS-2.53% / 84.84%
7 Day CHG~0.00%
Published-16 Mar, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors.

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation
Product-avamar, n/a
CVE-2012-2287
Matching Score-8
Assigner-Dell
CVSS Score-8.5 (HIGH)
EPSS-0.27% / 50.27%
7 Day CHG~0.00%
Published-25 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation, Microsoft Corporation
Product-windows_xp, windows_server_2003, rsa_authentication_client, rsa_authentication_agent, n/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-2739
Matching Score-8
Assigner-Dell
CVSS Score-8.5 (HIGH)
EPSS-1.57% / 80.81%
7 Day CHG~0.00%
Published-09 Nov, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file.

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation
Product-documentum_eroom, n/a
CVE-2016-0906
Matching Score-6
Assigner-Dell
CVSS Score-8.8 (HIGH)
EPSS-0.41% / 60.22%
7 Day CHG~0.00%
Published-06 Jul, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation
Product-avamar, n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-0914
Matching Score-6
Assigner-Dell
CVSS Score-6.3 (MEDIUM)
EPSS-0.16% / 37.43%
7 Day CHG+0.06%
Published-23 Jun, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation
Product-documentum_webtop, documentum_capital_projects, documentum_taskspace, documentum_administrator, n/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-4526
Matching Score-6
Assigner-Dell
CVSS Score-7.2 (HIGH)
EPSS-0.04% / 12.18%
7 Day CHG~0.00%
Published-10 Jul, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface.

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation
Product-recoverpoint_for_virtual_machines, n/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-0531
Matching Score-6
Assigner-Dell
CVSS Score-5 (MEDIUM)
EPSS-0.26% / 49.09%
7 Day CHG~0.00%
Published-07 May, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

Action-Not Available
Vendor-n/a, ELAN Microelectronics Corporation
Product-sourceone_email_management, n/a
CWE ID-CWE-284
Improper Access Control
CVE-2023-32458
Matching Score-6
Assigner-Dell
CVSS Score-7.3 (HIGH)
EPSS-0.06% / 20.00%
7 Day CHG~0.00%
Published-27 Sep, 2023 | 15:52
Updated-23 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation.

Action-Not Available
Vendor-Dell Inc., ELAN Microelectronics Corporation
Product-appsync, Dell EMC AppSync
CWE ID-CWE-284
Improper Access Control
CVE-2016-4383
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4 (HIGH)
EPSS-0.45% / 62.66%
7 Day CHG-0.14%
Published-27 Jun, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.

Action-Not Available
Vendor-n/a, HP Inc.
Product-helion_openstack_glance, n/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-1763
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.5 (HIGH)
EPSS-10.75% / 93.05%
7 Day CHG~0.00%
Published-14 Jul, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/a, Microsoft Corporation
Product-sql_server, n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1301
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8 (HIGH)
EPSS-0.27% / 50.58%
7 Day CHG~0.00%
Published-07 Feb, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.

Action-Not Available
Vendor-n/a, Cisco Systems, Inc.
Product-asa_cx_context-aware_security_software, prime_security_manager, n/a
CWE ID-CWE-284
Improper Access Control