Lucene search

[email protected]CVE-2011-2741

HistoryDec 14, 2011 - 11:55 a.m.

CVE-2011-2741

2011-12-1411:55:06

CWE-264

[email protected]

web.nvd.nist.gov

emc

rsa

aaop

security

vulnerability

bypass

cve-2011-2741

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.6%

JSON

EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified “data elements.”

Affected configurations

NVD

Node

emcrsa_adaptive_authentication_on-premiseMatch6.0.2.1sp1_patch2

emcrsa_adaptive_authentication_on-premiseMatch6.0.2.1sp1_patch3

emcrsa_adaptive_authentication_on-premiseMatch6.0.2.1sp2

emcrsa_adaptive_authentication_on-premiseMatch6.0.2.1sp2_patch1

emcrsa_adaptive_authentication_on-premiseMatch6.0.2.1sp3

CPENameOperatorVersion
emc:rsa_adaptive_authentication_on-premiseemc rsa adaptive authentication on-premiseeq6.0.2.1

CPE	Name	Operator	Version
emc:rsa_adaptive_authentication_on-premise	emc rsa adaptive authentication on-premise	eq	6.0.2.1

References

www.securityfocus.com/archive/1/520850

www.securitytracker.com/id?1026420

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.6%

JSON

Related for CVE-2011-2741

prion1 cvelist1 nvd1 securityvulns2