// For flags

CVE-2019-3724

Authorization Bypass VulnerabilityRSA Netwitness Platform

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

RSA Netwitness Platform versions prior to 11.2.1.1 is vulnerable to an Authorization Bypass vulnerability. A remote low privileged attacker could potentially exploit this vulnerability to gain access to administrative information including credentials.

En RSA Netwitness Platform versiones anteriores a 11.2.1.1, esta expuesta a una vulnerabilidad de omisión de autorización. Un atacante remoto con bajos privilegios podría explotar esta vulnerabilidad para conseguir acceso a la información administrativa, incluidas las credenciales.

RSA NetWitness versions prior to 10.6.6.1 and 11.2.1.1 suffer from an issue where an unauthorized attacker can access an administrative resource that may contain plain text credentials to a 3rd party system.

*Credits: RSA would like to thank Mantas Juškauskas for reporting CVE-2019-3724.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-03 CVE Reserved
  • 2019-05-15 CVE Published
  • 2023-06-24 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://community.rsa.com/docs/DOC-104202 2020-08-24
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rsa
Search vendor "Rsa"
 Netwitness Platform
Search vendor "Rsa" for product "Netwitness Platform"
 < 11.2.1.1
Search vendor "Rsa" for product "Netwitness Platform" and version " < 11.2.1.1"
-
Affected
Rsa
Search vendor "Rsa"
 Security Analytics
Search vendor "Rsa" for product "Security Analytics"
 < 10.6.6.1
Search vendor "Rsa" for product "Security Analytics" and version " < 10.6.6.1"
-
Affected