Lucene search

[email protected]CVE-2015-0532

HistoryMay 01, 2015 - 10:59 a.m.

CVE-2015-0532

2015-05-0110:59:00

CWE-264

[email protected]

web.nvd.nist.gov

emc

rsa

identity management

governance

img

remote attackers

access

password reset

cve-2015-0532

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.007

Percentile

80.5%

JSON

EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account.

Affected configurations

NVD

Node

emcrsa_identity_management_and_governanceMatch6.9.0

emcrsa_identity_management_and_governanceMatch6.9.1

VendorProductVersionCPE
emcrsa_identity_management_and_governance6.9.1cpe:/a:emc:rsa_identity_management_and_governance:6.9.1:::
emcrsa_identity_management_and_governance6.9.0cpe:/a:emc:rsa_identity_management_and_governance:6.9.0:::

Vendor	Product	Version	CPE
emc	rsa_identity_management_and_governance	6.9.1	cpe:/a:emc:rsa_identity_management_and_governance:6.9.1:::
emc	rsa_identity_management_and_governance	6.9.0	cpe:/a:emc:rsa_identity_management_and_governance:6.9.0:::

References

packetstormsecurity.com/files/131710/RSA-IMG-6.9-6.9.1-Insecure-Password-Reset.html

seclists.org/bugtraq/2015/Apr/204

www.securitytracker.com/id/1032218

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.007

Percentile

80.5%

JSON

Related for CVE-2015-0532

securityvulns2 prion1 nvd1 cvelist1