CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-1252 – RSA Web Threat Detection SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-1252
01 Jun 2018 — RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool's monitoring and user information by supplying specially crafted input data to the affected application. RSA Web Threat Detection en versiones anteriores a la 6.4 contiene una vulnerabilida... • http://seclists.org/fulldisclosure/2018/Jun/4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0919 – RSA Web Threat Detection 5.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-0919
28 Jan 2017 — EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC RSA Web Threat Detection versión 5.0, RSA Web Threat Detection versión 5.1, RSA Web Threat Detection versión 5.1.2 tiene una vulnerabilidad de XSS que podría ser explotada potencialmente por usuarios malintencionados para comprometer el sistema afectado. RSA... • http://www.securityfocus.com/archive/1/540057/30/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4548 – RSA Web Threat Detection Privilege Escalation / Information Disclosure
https://notcve.org/view.php?id=CVE-2015-4548
30 Sep 2015 — EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file. EMC RSA Web Threat Detection en versiones anteriores a 5.1 SP1 permite a usuarios locales obtener privilegios root al aprovechar el acceso a una cuenta de servicio y escribir comandos en un archivo de configuración del servicio . RSA Web Threat Detection versions prior to 5.1 SP1 suffer from information disclosure and privile... • http://packetstormsecurity.com/files/133779/RSA-Web-Threat-Detection-Privilege-Escalation-Information-Disclosure.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4547 – RSA Web Threat Detection Privilege Escalation / Information Disclosure
https://notcve.org/view.php?id=CVE-2015-4547
30 Sep 2015 — EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file. EMC RSA Web Threat Detection en versiones anteriores a 5.1 SP1 almacena una contraseña AnnoDB en texto plano en un archivo de configuración, lo que permite a usuarios remotos autenticados obtener información sensible a través de la lectura de dicho archivo. RSA Web Threat Detection versions prior to 5.1 SP1 suffe... • http://packetstormsecurity.com/files/133779/RSA-Web-Threat-Detection-Privilege-Escalation-Information-Disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0541 – RSA Web Threat Detection Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-0541
03 Jun 2015 — Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en EMC RSA Web Threat Detection anterior a 5.1 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. RSA Web Threat Detection contains fixes for a cross site request forgery vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 5.... • http://seclists.org/bugtraq/2015/Jun/18 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4627 – RSA Web Threat Detection SQL Injection
https://notcve.org/view.php?id=CVE-2014-4627
06 Nov 2014 — SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en EMC RSA Web Threat Detection 4.x anterior a 4.6.1.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. RSA Web Threat Detection 4.x versions 4.6.1.1 and later contain a fix for SQL injection vulnerability that could be potentially exploited by... • http://archives.neohapsis.com/archives/bugtraq/2014-11/0028.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •