
CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Dec 2015 — EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector. RSA SecurID Web Agent contains a patch that is designed to fix an authentication bypass vul... • http://packetstormsecurity.com/files/135013/RSA-SecurID-Web-Agent-Authentication-Bypass.html • CWE-284: Improper Access Control

CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

22 May 2013 — EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data. • http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html • CWE-310: Cryptographic Issues

CVSS: 6.1 • EPSS: 0% • CPEs: 12 • EXPL: 0

13 Jul 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 12 • EXPL: 0

13 Jul 2012 — Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html • CWE-20: Improper Input Validation

CVSS: 6.1 • EPSS: 0% • CPEs: 12 • EXPL: 0

13 Jul 2012 — EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability." • http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html

CVSS: 9.8 • EPSS: 5% • CPEs: 1 • EXPL: 0

06 Mar 2012 — Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. • http://www.securityfocus.com/archive/1/521885 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

17 Dec 2011 — Untrusted search path vulnerability in EMC RSA SecurID Software Token 4.1 before 4.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Software Token file. • http://archives.neohapsis.com/archives/bugtraq/2011-12/0089.html

CVSS: 10.0 • EPSS: 1% • CPEs: 5 • EXPL: 0

15 Jul 2007 — Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491. • http://dvlabs.tippingpoint.com/advisory/TPTI-07-12

CVSS: 8.8 • EPSS: 3% • CPEs: 3 • EXPL: 0

06 May 2005 — Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data. • http://marc.info/?l=full-disclosure&m=111537013104724&w=2

CVSS: 7.1 • EPSS: 1% • CPEs: 9 • EXPL: 0

11 Jun 2002 — An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. • http://online.securityfocus.com/archive/1/264705 • CWE-287: Improper Authentication