// For flags

CVE-2019-3711

DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability

Severity Score

7.2
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks.

RSA Authentication Manager, en CVErsiones anteriores a la 8.4 P1, contiene una vulnerabilidad de gestión insegura de credenciales. Un administrador malicioso de la consola de operaciones podría ser capaz de obtener el valor de una contraseña de dominio que había sido establecida por otro administrador de la consola de operaciones y emplearla para ataques.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-03 CVE Reserved
  • 2019-03-03 CVE Published
  • 2024-07-21 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (2)
URL Tag Source
http://www.securityfocus.com/bid/107210 Third Party Advisory
https://seclists.org/fulldisclosure/2019/Mar/5 Mailing List
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Emc
Search vendor "Emc"
 Rsa Authentication Manager
Search vendor "Emc" for product "Rsa Authentication Manager"
 8.4
Search vendor "Emc" for product "Rsa Authentication Manager" and version "8.4"
-
Affected
Rsa
Search vendor "Rsa"
 Authentication Manager
Search vendor "Rsa" for product "Authentication Manager"
 < 8.4
Search vendor "Rsa" for product "Authentication Manager" and version " < 8.4"
-
Affected