CVE-2013-0935
published 2013-03-28CVE-2013-0935: EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to…
PriorityP359critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
4.15%
89.6th percentile
EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emc | smarts_network_configuration_manager | <= 9.1 | — |
| emc | smarts_network_configuration_manager | <= 9.2 | — |
| emc | smarts_network_configuration_manager | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wppf-7c2c-mmm7: EMC Smarts Network Configuration Manager (NCM) before 9
ghsa_unreviewed·2022-05-17
CVE-2013-0935 [HIGH] CWE-287 GHSA-wppf-7c2c-mmm7: EMC Smarts Network Configuration Manager (NCM) before 9
EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors.
GHSA
GHSA-637w-3fhr-j2r5: Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9
ghsa_unreviewed·2022-05-17·CVSS 9.3
CVE-2013-2717 [CRITICAL] GHSA-637w-3fhr-j2r5: Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9
Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9.2 have unknown impact and attack vectors, a different issue than CVE-2013-0935. NOTE: this might overlap CVEs for open-source server components or other third-party components.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2013-03-28
Published