Lucene search

K
cve[email protected]CVE-2015-0532
HistoryMay 01, 2015 - 10:59 a.m.

CVE-2015-0532

2015-05-0110:59:00
CWE-264
web.nvd.nist.gov
22
emc
rsa
identity management
governance
img
remote attackers
access
password reset
cve-2015-0532
nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.5%

EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account.

Affected configurations

NVD
Node
emcrsa_identity_management_and_governanceMatch6.9.0
OR
emcrsa_identity_management_and_governanceMatch6.9.1

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.5%

Related for CVE-2015-0532