
CVE-2015-4547 – RSA Web Threat Detection Privilege Escalation / Information Disclosure
https://notcve.org/view.php?id=CVE-2015-4547
30 Sep 2015 — EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file. RSA Web Threat Detection versions prior to 5.1 SP1 suffe... • http://packetstormsecurity.com/files/133779/RSA-Web-Threat-Detection-Privilege-Escalation-Information-Disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-0541 – RSA Web Threat Detection Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-0541
03 Jun 2015 — Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. RSA Web Threat Detection contains fixes for a cross site request forgery vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 5.... • http://seclists.org/bugtraq/2015/Jun/18 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2014-4627 – RSA Web Threat Detection SQL Injection
https://notcve.org/view.php?id=CVE-2014-4627
06 Nov 2014 — SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. RSA Web Threat Detection 4.x versions 4.6.1.1 and later contain a fix for SQL injection vulnerability that could be potentially exploited by... • http://archives.neohapsis.com/archives/bugtraq/2014-11/0028.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2013-3273 – RSA Authentication Manager Information Disclosure
https://notcve.org/view.php?id=CVE-2013-3273
06 Jul 2013 — EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file. • http://archives.neohapsis.com/archives/bugtraq/2013-07/0046.html • CWE-255: Credentials Management Errors

CVE-2013-0947 – RSA Authentication Manager 8.0 Injection / Disclosure
https://notcve.org/view.php?id=CVE-2013-0947
29 May 2013 — EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file. RSA Authenticatio... • http://archives.neohapsis.com/archives/bugtraq/2013-05/0115.html • CWE-255: Credentials Management Errors

CVE-2013-0941
https://notcve.org/view.php?id=CVE-2013-0941
22 May 2013 — EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data. • http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html • CWE-310: Cryptographic Issues

CVE-2013-0931
https://notcve.org/view.php?id=CVE-2013-0931
05 Mar 2013 — EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration. • http://archives.neohapsis.com/archives/bugtraq/2013-03/0001.html • CWE-16: Configuration

CVE-2012-2278
https://notcve.org/view.php?id=CVE-2012-2278
13 Jul 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2279
https://notcve.org/view.php?id=CVE-2012-2279
13 Jul 2012 — Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html • CWE-20: Improper Input Validation

CVE-2012-2280
https://notcve.org/view.php?id=CVE-2012-2280
13 Jul 2012 — EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability." • http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html