CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5384
https://notcve.org/view.php?id=CVE-2020-5384
31 Jul 2020 — Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system. Una Vulnerabilidad de Omisión de Autenticación de RSA MFA Agent versión 2.0 para Microsoft Windows, contiene una vulnerabilidad de Omisión de Autenticación. Un atacante no autenticado local podría potencialmente e... • https://community.rsa.com/docs/DOC-113541 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1232 – RSA Authentication Agent for Web XSS / Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-1232
28 Mar 2018 — RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation. RSA Authentication Agent en versiones 8.0.1 y anteriores para Web para IIS y Apache Web Server se ve afectado por un desbordamiento de búfer basado en pila que pued... • http://seclists.org/fulldisclosure/2018/Mar/60 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1233 – RSA Authentication Agent for Web XSS / Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-1233
28 Mar 2018 — RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website. RSA Authentication Agent en versiones 8.0.1 y anteriores para Web para IIS y Apache Web Server se ve afectado por una vulnerabilidad Cross-Site Scripting (XSS). Los atacantes podrían explota... • http://seclists.org/fulldisclosure/2018/Mar/60 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1234 – RSA Authentication Agent for Web XSS / Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-1234
28 Mar 2018 — RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent. RSA Authentication Agent en versiones 8.0.1 y anteriores para Web para IIS se ve afectado por un problema en el que los permisos de la lista de control ... • http://seclists.org/fulldisclosure/2018/Mar/60 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14377 – RSA Authentication Agent for Web Authentication Bypass
https://notcve.org/view.php?id=CVE-2017-14377
27 Nov 2017 — EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass. RSA Authentication Agent for Web: Apache Web Server en su versión 8.0 y RSA Authentication Agent for Web: Apache Web Server en su versión 8.0.1 anterior a la Build 618 de EMC tienen una vulnerabilidad de seguridad que podría conducir a una omisión de autenticación. A sec... • http://seclists.org/fulldisclosure/2017/Nov/46 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0941
https://notcve.org/view.php?id=CVE-2013-0941
22 May 2013 — EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data. La API de autenticación de EMC RSA anterior a v8.1 SP1, RSA Web Agent an... • http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0931
https://notcve.org/view.php?id=CVE-2013-0931
05 Mar 2013 — EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration. EMC RSA Authentication Agent v7.1.x anterior a v7.1.2 sobre Windows no refuerza la característica Quick PIN Unlock, lo que permitiría a atacantes próximos físicamente evitar la restricción de código de acceso cuando se inicia el protector de pantall... • http://archives.neohapsis.com/archives/bugtraq/2013-03/0001.html • CWE-16: Configuration •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2010-3261
https://notcve.org/view.php?id=CVE-2010-3261
24 Sep 2010 — Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors. Vulnerabilidad de salto de directorio en el agente de autenticación RSA v7.0 anteriores a la versión P2 para Web. Permite a atacantes remotos leer datos sin especificar a través de vectores de ataque desconocidos. • http://www.securityfocus.com/archive/1/513908/100/0/threaded • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2026
https://notcve.org/view.php?id=CVE-2008-2026
30 Apr 2008 — Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE: this is different than CVE-2005-1118, but it might be the same as CVE-2008-1470. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebID/IISWebAgentIF.dll del RSA Authentication Agent (Agente de Autentificación RSA) 5.3.0.258 y otras versione... • http://secunia.com/advisories/14954 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2027
https://notcve.org/view.php?id=CVE-2008-2027
30 Apr 2008 — Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an ftp URL in the url parameter to a Redirect action. Vulnerabilidad de redirección libre en WebID/IISWebAgentIF.dll de RSA Authentication Agent 5.3.0.258 para Web para IIS; cuando se accede desde determinados navegadores como Mozilla Firefox, ... • http://securityreason.com/securityalert/3850 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •