
CVE-2012-2281
https://notcve.org/view.php?id=CVE-2012-2281
05 Jul 2012 — EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-07/0037.html • CWE-287: Improper Authentication

CVE-2012-0399
https://notcve.org/view.php?id=CVE-2012-0399
20 Mar 2012 — Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-0400
https://notcve.org/view.php?id=CVE-2012-0400
20 Mar 2012 — EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-287: Improper Authentication

CVE-2012-0401
https://notcve.org/view.php?id=CVE-2012-0401
20 Mar 2012 — Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2012-0402
https://notcve.org/view.php?id=CVE-2012-0402
20 Mar 2012 — EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-255: Credentials Management Errors

CVE-2012-0403
https://notcve.org/view.php?id=CVE-2012-0403
20 Mar 2012 — Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2012-0397
https://notcve.org/view.php?id=CVE-2012-0397
06 Mar 2012 — Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. • http://www.securityfocus.com/archive/1/521885 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2011-4143
https://notcve.org/view.php?id=CVE-2011-4143
27 Jan 2012 — EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors. • http://www.securityfocus.com/archive/1/521375 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-4141
https://notcve.org/view.php?id=CVE-2011-4141
17 Dec 2011 — Untrusted search path vulnerability in EMC RSA SecurID Software Token 4.1 before 4.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Software Token file. • http://archives.neohapsis.com/archives/bugtraq/2011-12/0089.html

CVE-2011-2736
https://notcve.org/view.php?id=CVE-2011-2736
25 Aug 2011 — RSA enVision 4.x before 4 SP4 P3 places cleartext administrative credentials in Task Escalation e-mail messages, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. • http://securityreason.com/securityalert/8350 • CWE-310: Cryptographic Issues