CVE-2015-0532
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account.
EMC RSA Identity Management and Governance (IMG) 6.9 anterior a P04 y 6.9.1 anterior a P01 no restringe correctamente las reconfiguraciones de contraseñas, lo que permite a atacantes remotos obtener el acceso a través de el uso manipulado del proceso de reconfiguración para un nombre de cuenta válido arbitrario, tal y como fue demostrado por una cuenta privilegiada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-12-17 CVE Reserved
- 2015-04-30 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/131710/RSA-IMG-6.9-6.9.1-Insecure-Password-Reset.html | X_refsource_misc |
|
| http://seclists.org/bugtraq/2015/Apr/204 | Mailing List |
|
| http://www.securitytracker.com/id/1032218 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Rsa Identity Management And Governance Search vendor "Emc" for product "Rsa Identity Management And Governance" | 6.9.0 Search vendor "Emc" for product "Rsa Identity Management And Governance" and version "6.9.0" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Identity Management And Governance Search vendor "Emc" for product "Rsa Identity Management And Governance" | 6.9.1 Search vendor "Emc" for product "Rsa Identity Management And Governance" and version "6.9.1" | - |
Affected
| ||||||