CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2011-2737
https://notcve.org/view.php?id=CVE-2011-2737
25 Aug 2011 — RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to read arbitrary files via unspecified vectors, related to an "arbitrary file retrieval vulnerability." RSA enVision v3.x y v4.x anterior a v4 SP4 P3 permite a atacantes remotos leer ficheros de su elección a través de vectores no especificados, relacionado con "arbitrary file retrieval vulnerability." • http://securityreason.com/securityalert/8350 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2011-0322
https://notcve.org/view.php?id=CVE-2011-0322
16 Mar 2011 — Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, 6.0.x, and 6.1.x allows remote attackers to access resources via unknown vectors. Vulnerabilidad no especificada en EMC RSA Access Manager Server v5.5.x , v6.0.x y v6.1.x, permite a atacantes remotos acceder a recursos a través de vectores desconocidos . • http://secunia.com/advisories/43796 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2008-7266
https://notcve.org/view.php?id=CVE-2008-7266
26 Nov 2010 — Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in RSA Adaptive Authentication 2.x and 5.7.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en un archivo Shockwave Flash no especificado en RSA Adaptive Authentication v2.x y v5.7.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos. • http://secunia.com/advisories/42332 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2010-3321
https://notcve.org/view.php?id=CVE-2010-3321
07 Oct 2010 — RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests. RSA Authentication Client v2.0.x, v3.0 y v3.5.x anterior a v3.5.3 no maneja correctamente la etiqueta SENSITIVE o NON-EXTRACTABLE en un objeto de clave secreta que es almacenado en un autenticador SecurID ... • http://www.securityfocus.com/archive/1/514153/100/0/threaded • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2010-3261
https://notcve.org/view.php?id=CVE-2010-3261
24 Sep 2010 — Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors. Vulnerabilidad de salto de directorio en el agente de autenticación RSA v7.0 anteriores a la versión P2 para Web. Permite a atacantes remotos leer datos sin especificar a través de vectores de ataque desconocidos. • http://www.securityfocus.com/archive/1/513908/100/0/threaded • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3017
https://notcve.org/view.php?id=CVE-2010-3017
09 Sep 2010 — Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en RSA Access Manager v4.7.1 Agente anterior a v4.7.1.7, cuando RSA Adaptive Authentication Integration está activada, permite a atacantes remotos evitar la autenticación y obtener información sensible a través de vectores desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2010-09/0057.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2010-3018
https://notcve.org/view.php?id=CVE-2010-3018
09 Sep 2010 — RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.53, and 6.1 before 6.1.2.01 does not properly perform cache updates, which allows remote attackers to obtain sensitive information via unspecified vectors. RSA Access Manager Server v5.5.3 anterior a v5.5.3.172, v6.0.4 anterior a v6.0.4.53, y v6.1 anterior a v6.1.2.01 no lleva a cabo correctamente actualizaciones de la cache, lo que puede permitir a un atacante obtener información sensible mediante vectores no específicos • http://archives.neohapsis.com/archives/bugtraq/2010-09/0056.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2010-2634
https://notcve.org/view.php?id=CVE-2010-2634
09 Aug 2010 — RSA enVision before 3.7 SP1 allows remote authenticated users to cause a denial of service via unspecified vectors. Vulnerabilidad en RSA enVision v3.7 SP1 permite a usuarios autenticados remotamente causar una denegación de servicio a través de vectores sin especificar. • http://www.securityfocus.com/archive/1/512929/100/0/threaded •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2337
https://notcve.org/view.php?id=CVE-2010-2337
27 Jul 2010 — Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors. Vulnerabilidad de redirección involuntaria en RSA Federated Identity Manager v4.0 anterior a v4.0.25 y v4.1 anterior a v4.1.26 permite a atacantes remotos redireccionar a los usuarios a sitios Web de su elección y llevar a cabo ataques de phishing mediante vectores desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2010-07/0187.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2008-6886
https://notcve.org/view.php?id=CVE-2008-6886
03 Aug 2009 — RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks. RSA EnVision v3.5.0, v3.5.1, v3.5.2, y v3.7.0 no restringe el acceso correctamente a una funcionalidad de perfil de usuario no especificada, permitiendo a atacantes remotos obtener el hash de la contraseña de administrador y llevar a cabo ataques para revelar mediante fuerza b... • http://marc.info/?l=bugtraq&m=122765140110581&w=2 • CWE-264: Permissions, Privileges, and Access Controls •