Lucene search

[email protected]CVE-2012-2281

HistoryJul 05, 2012 - 2:55 p.m.

CVE-2012-2281

2012-07-0514:55:00

CWE-287

[email protected]

web.nvd.nist.gov

emc

rsa

access manager

server

6.x

6.1

sp4

agent

session tokens

logout

replay attacks

cve-2012-2281

nvd

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

67.4%

JSON

EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors.

CPENameOperatorVersion
rsa:access_manager_serverrsa access manager servereq6.1
rsa:access_manager_serverrsa access manager servereq6.0
rsa:access_manager_agentrsa access manager agenteq*

CPE	Name	Operator	Version
rsa:access_manager_server	rsa access manager server	eq	6.1
rsa:access_manager_server	rsa access manager server	eq	6.0
rsa:access_manager_agent	rsa access manager agent	eq	*

References

archives.neohapsis.com/archives/bugtraq/2012-07/0037.html

www.securitytracker.com/id?1027220

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

67.4%

JSON

Related for CVE-2012-2281

securityvulns1 prion1