CVSS: 2.9EPSS: 0%CPEs: 11EXPL: 0CVE-2012-2286
https://notcve.org/view.php?id=CVE-2012-2286
Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en EMC RSA Adaptive Authentication On-Premise (AAOP) v6.0.2.1 antes de SP3 P3, permite a atacantes remotos obtener información sensible a través de vectores desconocidos • http://archives.neohapsis.com/archives/bugtraq/2012-10/0036.html http://www.securityfocus.com/bid/55842 •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2011-2742
https://notcve.org/view.php?id=CVE-2011-2742
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application restrictions via a mobile device. EMC RSA Adaptive Authentication On-Premise (AAOP) v6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, y SP3, no realizan adecuadamente la evaluación forense a la recepción de señales de dispositivos de aplicaciones móviles, lo que podría permitir a atacantes remotos evitar las restricciones a la aplicación a través de un dispositivo móvil. • http://www.securityfocus.com/archive/1/520850 http://www.securitytracker.com/id?1026420 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2011-2741
https://notcve.org/view.php?id=CVE-2011-2741
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements." EMC RSA Adaptive Authentication On-Premise (AAOP) v6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, y SP3, no aplican correctamente la recuperación de dispositivos y la identificación de dispositivos, lo que podría permitir a atacantes remotos evitar las restricciones de seguridad en un (1) dispositivo no registrado previamente o (2) dispositivo registrado mediante el envío no especificado de "elementos de datos." • http://www.securityfocus.com/archive/1/520850 http://www.securitytracker.com/id?1026420 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2011-2733
https://notcve.org/view.php?id=CVE-2011-2733
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information. EMC RSA Adaptive Authentication On-Premise (AAOP) v6.0.2.1 SP1 Patch2, SP1 Patch3, SP2, SP2 Patch1 y Service Pack 3 no impide la reutilización de la información de autenticación durante una sesión, lo que permite eludir las restricciones de acceso, a usuarios remotos autenticados, a través de vectores relacionados con el conocimiento de la información de autenticación utilizado originalmente y con información de sesión no especificada. • http://securityreason.com/securityalert/8344 http://www.securityfocus.com/archive/1/519346/100/0/threaded http://www.securityfocus.com/bid/49574 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2011-1422
https://notcve.org/view.php?id=CVE-2011-1422
Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de ejecución de comando en sitios cruzados (XSS) en un archivo Shockwave Flash no especificado en EMC RSA Adaptive Authentication On-Premise (AAOP) v2.x, v5.7.x, y v6.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos. • http://secunia.com/advisories/44236 http://securityreason.com/securityalert/8215 http://securitytracker.com/id?1025382 http://www.securityfocus.com/archive/1/517534/100/0/threaded http://www.securityfocus.com/bid/47408 http://www.vupen.com/english/advisories/2011/1026 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •