Lucene search

[email protected]CVE-2015-0532

HistoryMay 01, 2015 - 10:59 a.m.

CVE-2015-0532

2015-05-0110:59:00

CWE-264

[email protected]

web.nvd.nist.gov

emc

rsa

identity management

governance

img

remote attackers

access

password reset

cve-2015-0532

nvd

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.3%

JSON

EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account.

CPENameOperatorVersion
emc:rsa_identity_management_and_governanceemc rsa identity management and governanceeq6.9.0
emc:rsa_identity_management_and_governanceemc rsa identity management and governanceeq6.9.1

CPE	Name	Operator	Version
emc:rsa_identity_management_and_governance	emc rsa identity management and governance	eq	6.9.0
emc:rsa_identity_management_and_governance	emc rsa identity management and governance	eq	6.9.1

References

packetstormsecurity.com/files/131710/RSA-IMG-6.9-6.9.1-Insecure-Password-Reset.html

seclists.org/bugtraq/2015/Apr/204

www.securitytracker.com/id/1032218

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for CVE-2015-0532

prion1 securityvulns2