ESA-2016-094: RSA BSAFE Micro Edition Suite Multiple Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-094: RSA BSAFE® Micro Edition Suite Multiple Vulnerabilities EMC Identifier: ESA-2016-094 CVE Identifier: CVE-2016-0923, CVE-2016-0924 Affected Products: • RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.5 •

ESA-2017-007: EMC Documentum eRoom Unverified Password Change Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-007: EMC Documentum eRoom Unverified Password Change Vulnerability EMC Identifier: ESA-2017-007 CVE Identifier: CVE-2017-2766 Severity Rating: CVSS v3 Base Score: 5.7 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L) Affected products: EMC

ESA-2017-003: EMC Network Configuration Manager (NCM) Multiple Vulnerabilities

BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-003: EMC Network Configuration Manager (NCM) Multiple Vulnerabilities EMC Identifier: ESA-2017-003 CVE Identifier: CVE-2017-2767, CVE-2017-2768 Severity Rating: CVSS v3 Base Score: See below for scores Affected products: EMC Software:

ESA-2017-001: EMC Isilon InsightIQ Authentication Bypass Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-001: EMC Isilon InsightIQ Authentication Bypass Vulnerability EMC Identifier: ESA-2017-001 CVE Identifier: CVE-2017-2765 Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Affected products: • EMC

ESA-2016-150: RSA® Security Analytics Reflected Cross-Site Scripting Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-150: RSA® Security Analytics Reflected Cross-Site Scripting Vulnerability EMC Identifier: ESA-2016-150 CVE Identifier: CVE-2016-8215 Severity Rating: CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) Affected Products:

ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability EMC Identifier: ESA-2016-146 CVE Identifier: CVE-2016-8214 Severity Rating: CVSSv3 Base Score: 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) Affected

ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability EMC Identifier: ESA-2016-166 CVE Identifier: CVE-2016-9871 Severity Rating: CVSS v3 Base Score: 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected products: • EMC Isilon

ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability EMC Identifier: ESA-2016-092 CVE Identifier: CVE-2016-0919 Severity Rating: CVSS v3 Base Score: 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) Affected Products: · RSA Web

ESA-2016-132: EMC RecoverPoint Multiple Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-132: EMC RecoverPoint Multiple Vulnerabilities EMC Identifier: ESA-2016-132 CVE Identifiers: CVE-2016-6648, CVE-2016-6649 Severity Rating: CVSS v3 Base Score: See below for individual scores. Affected products: EMC RecoverPoint

ESA-2016-160: EMC Data Domain DD OS Command Injection Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-160: EMC Data Domain DD OS Command Injection Vulnerability EMC Identifier: ESA-2016-160 CVE Identifier: CVE-2016-8216 Severity Rating: CVSS v3 Base Score: 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) Affected products: EMC Data Domain OS

ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities EMC Identifier: ESA-2016-167 CVE Identifier: CVE-2016-9872, CVE-2016-9873 Severity Rating: CVSS v3 Base Score: See below for CVSSv3 score. Affected products: EMC Documentum D2 version

ESA-2016-037: EMC PowerPath Management Appliance Information Disclosure Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-037: EMC PowerPath Management Appliance Information Disclosure Vulnerability EMC Identifier: ESA-2016-037 CVE Identifier: CVE-2016-0890 Severity Rating: CVSS v3 Base Score: 6.4 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L) Affected

ESA-2016-154: RSA BSAFE® Crypto-J Multiple Security Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-154: RSA BSAFE® Crypto-J Multiple Security Vulnerabilities EMC Identifier: ESA-2016-154 CVE Identifier: CVE-2016-8212, CVE-2016-8217 Severity Rating: See below for scores for individual issues Affected Products: • RSA BSAFE

ESA-2016-133: EMC Data Protection Advisor Path Traversal Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-133: EMC Data Protection Advisor Path Traversal Vulnerability EMC Identifier: ESA-2016-133 CVE Identifier: CVE-2016-8211 Severity Rating: CVSS v3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) Affected products: EMC Data

ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability EMC Identifier: ESA-2016-143 CVE Identifier: CVE-2016-8213 Severity Rating: CVSS v3 Base Score: 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) Affected

ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability

BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability EMC Identifier: ESA-2016-161 CVE Identifier: CVE-2016-9870 Severity Rating: CVSS v3 Base Score: 6.0 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N) Affected products: • EMC Isilon

ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities EMC Identifier: ESA-2016-104 CVE Identifier: CVE-2016-0922, CVE-2016-6641, CVE-2016-6642, CVE-2016-6643 Severity Rating: CVSS v3 Base Score: See below for CVSSv3 scores for individual CVEs

ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability EMC Identifier: ESA-2016-108 CVE Identifier: CVE-2016-6644 Severity Rating: CVSS v3 Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) Affected products: EMC Documentum D2

ESA-2016-094: RSA BSAFE® Micro Edition Suite Multiple Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 EMC Identifier: ESA-2016-094 CVE Identifier: CVE-2016-0923, CVE-2016-0924 Affected Products: • RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.5 • RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to

ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities EMC Identifier: ESA-2016-121 CVE Identifier: CVE-2016-6645, CVE-2016-6646 Severity Rating: CVSS v3 Base Score: See below for individual CVEs.

ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability EMC Identifier: ESA-2016-063 CVE Identifier: CVE-2016-0913 Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

ESA-2016-093: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-093: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability EMC Identifier: ESA-2016-093 CVE Identifier: CVE-2016-0925 Severity Rating: CVSS v3 Score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) Affected

ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities EMC Identifier: ESA-2016-065 CVE Identifier: CVE-2016-0903, CVE-2016-0904, CVE-2016-0905, CVE-2016-0920, CVE-2016-0921 Severity Rating: See below for

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability EMC Identifier: ESA-2016-096 CVE Identifier: CVE-2016-0917 Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Affected

ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability EMC Identifier: EMC-2016-097 CVE Identifier: CVE-2016-0918 Severity Rating: CVSS v3 Base Score: 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability EMC Identifier: ESA-2016-111 CVE Identifier: CVE-2016-0909 Severity Rating: CVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Affected

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability EMC Identifier: ESA-2016-096 CVE Identifier: CVE-2016-0917 Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Affected

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability EMC Identifier: ESA-2016-096 CVE Identifier: CVE-2016-0917 Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Affected

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability EMC Identifier: ESA-2016-096 CVE Identifier: CVE-2016-0917 Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Affected

ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities EMC Identifier: ESA-2016-157 CVE Identifier: CVE-2016-9867, CVE-2016-9868, CVE-2016-9869 Severity Rating: CVSS v3Base Score: See below for individual scores Affected products: EMC ScaleIO

ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability EMC Identifier: ESA-2017-028 CVE Identifier: CVE-2017-4980 Severity Rating: CVSS v3 Base Score: 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) Affected products: • EMC Isilon

ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 EMC Identifier: ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability CVE Identifier: CVE-2017-4977 Severity Rating: CVSS v3 Base Score: 5.0 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N) Affected

ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability EMC Identifier: ESA-2017-010 CVE Identifier: CVE-2016-6650 Severity Rating: CVSS v3 Base Score: CVSS v3 Score: 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). Affected products: •EMC

ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability EMC Identifier: ESA-2017-062 CVE Identifier: CVE-2017-4997 Severity Rating: CVSS v3 Base Score: 8.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L) Affected products: VASA

ESA-2017-027: EMC Isilon OneFS NFS Export Upgrade Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-027: EMC Isilon OneFS NFS Export Upgrade Vulnerability EMC Identifier: ESA-2017-027 CVE Identifier: CVE-2017-4979 Severity Rating: CVSS v3 Base Score: 7.1 (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) Affected products: The issue occurs in

ESA-2017-017: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 EMC Identifier: ESA-2017-017: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability CVE Identifier: CVE-2017-4978 Severity Rating: CVSS v3 Score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) Affected Products: RSA Adaptive

ESA-2017-064: RSA Identity Governance and Lifecycle Multiple Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 EMC Identifier: EMC-2017-064 CVE Identifier: CVE-2017-5003, CVE-2017-5004 Severity Rating: CVSS v3 Base Score: Please view details below for individual CVE scores. Affected Products: •RSA Identity Governance and Lifecycle versions

ESA-2017-054: EMC Avamar Multiple Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-054: EMC Avamar Multiple Vulnerabilities EMC Identifier: ESA-2017-054 CVE Identifiers: CVE-2017-4989, CVE-2017-4990 Affected products: • EMC Avamar Server Software 7.4.1-58, 7.4.0-242 (CVE-2017-4990) • EMC Avamar Server

ESA-2017-053: EMC Isilon OneFS Privilege Escalation Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-053: EMC Isilon OneFS Privilege Escalation Vulnerability EMC Identifier: ESA-2017-053 CVE Identifier: CVE-2017-4988 Severity Rating: CVSS v3 Base Score: Base Score=> 7.2(AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) Affected products:

ESA-2017-043: EMC ESRS Virtual Edition Authentication Bypass Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-043: EMC ESRS Virtual Edition Authentication Bypass Vulnerability EMC Identifier: ESA-2017-043 CVE Identifier: CVE-2017-4986 Severity Rating: CVSS v3 Base Score: See below for individual scores of each CVE Affected products: EMC ESRS

ESA-2017-031: RSA BSAFE® Cert-C Improper Certificate Processing Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-031: RSA BSAFE® Cert-C Improper Certificate Processing Vulnerability EMC Identifier: ESA-2017-031 CVE Identifier: CVE-2017-4981 Severity Rating: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) Affected Products: RSA BSAFE Cert-C all

ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station EMC Identifier: ESA-2017-041 CVE Identifier: CVE-2017-4984, CVE-2017-4985, CVE-2017-4987 Severity Rating: CVSS v3 Base Score: See below for individual

ESA-2017-036: EMC Data Domain Privilege Escalation Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-036: EMC Data Domain Privilege Escalation Vulnerability EMC Identifier: ESA-2017-036 CVE Identifier: CVE-2017-4983 Severity Rating: CVSS v3 Base Score: 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) Affected products: • EMC

ESA-2017-035: EMC Mainframe Enablers ResourcePak Base privilege management vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-035: EMC Mainframe Enablers ResourcePak Base privilege management vulnerability EMC Identifier: ESA-2017-035 CVE Identifier: CVE-2017-4982 Severity Rating: CVSS v3 Base Score: 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) Affected products: