Lucene search

[email protected]CVE-2013-6180

HistoryDec 09, 2013 - 6:55 p.m.

CVE-2013-6180

2013-12-0918:55:00

CWE-264

[email protected]

web.nvd.nist.gov

emc

rsa

security analytics

remote attack

access restriction bypass

6.9 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.1%

JSON

EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.

CPENameOperatorVersion
emc:rsa_security_analyticsemc rsa security analyticseq10.1
emc:rsa_security_analyticsemc rsa security analyticseq10.2
emc:rsa_security_analyticsemc rsa security analyticseq10.0
emc:rsa_netwitness_nextgenemc rsa netwitness nextgeneq9.8

CPE	Name	Operator	Version
emc:rsa_security_analytics	emc rsa security analytics	eq	10.1
emc:rsa_security_analytics	emc rsa security analytics	eq	10.2
emc:rsa_security_analytics	emc rsa security analytics	eq	10.0
emc:rsa_netwitness_nextgen	emc rsa netwitness nextgen	eq	9.8

References

archives.neohapsis.com/archives/bugtraq/2013-12/0034.html

www.securitytracker.com/id/1029446

6.9 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for CVE-2013-6180

prion1 securityvulns2 cvelist1