3 results (0.013 seconds)

CVSS: 2.1EPSS: 4%CPEs: 9EXPL: 0

An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. Una interacción entre Microsoft Outlook Web Access (OWA) con RSA SecurID permite a usuarios locales evitar la autenticación SecurID para un usuario anterior mediante varios envios de una petición de autenticación OWA con la contraseña adecuada del usuario anterior, que es acaba siendo aceptada por OWA. • http://online.securityfocus.com/archive/1/264705 http://www.iss.net/security_center/static/8681.php http://www.securityfocus.com/bid/4390 • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information. • http://www.kb.cert.org/vuls/id/609840 http://www.securityfocus.com/bid/3462 https://exchange.xforce.ibmcloud.com/vulnerabilities/7399 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences. • http://www.kb.cert.org/vuls/id/348040 http://www.securityfocus.com/bid/3461 https://exchange.xforce.ibmcloud.com/vulnerabilities/7397 •