Lucene search

[email protected]CVE-2016-0895

HistoryMay 03, 2016 - 3:59 p.m.

CVE-2016-0895

2016-05-0315:59:03

CWE-20

[email protected]

web.nvd.nist.gov

cve-2016-0895

emc

rsa data loss prevention

dlp

sp2

vulnerability

clickjacking

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity.

Affected configurations

NVD

Node

emcrsa_data_loss_preventionMatch9.6

emcrsa_data_loss_preventionMatch9.6.1

emcrsa_data_loss_preventionMatch9.6.2

emcrsa_data_loss_preventionMatch9.6.2.1

emcrsa_data_loss_preventionMatch9.6.2.2

emcrsa_data_loss_preventionMatch9.6.2.3

emcrsa_data_loss_preventionMatch9.6.2.4

CPENameOperatorVersion
emc:rsa_data_loss_preventionemc rsa data loss preventioneq9.6
emc:rsa_data_loss_preventionemc rsa data loss preventioneq9.6.1
emc:rsa_data_loss_preventionemc rsa data loss preventioneq9.6.2
emc:rsa_data_loss_preventionemc rsa data loss preventioneq9.6.2.1
emc:rsa_data_loss_preventionemc rsa data loss preventioneq9.6.2.2
emc:rsa_data_loss_preventionemc rsa data loss preventioneq9.6.2.3
emc:rsa_data_loss_preventionemc rsa data loss preventioneq9.6.2.4

CPE	Name	Operator	Version
emc:rsa_data_loss_prevention	emc rsa data loss prevention	eq	9.6
emc:rsa_data_loss_prevention	emc rsa data loss prevention	eq	9.6.1
emc:rsa_data_loss_prevention	emc rsa data loss prevention	eq	9.6.2
emc:rsa_data_loss_prevention	emc rsa data loss prevention	eq	9.6.2.1
emc:rsa_data_loss_prevention	emc rsa data loss prevention	eq	9.6.2.2
emc:rsa_data_loss_prevention	emc rsa data loss prevention	eq	9.6.2.3
emc:rsa_data_loss_prevention	emc rsa data loss prevention	eq	9.6.2.4

References

packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html

seclists.org/bugtraq/2016/May/9

www.securitytracker.com/id/1035714

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

Related for CVE-2016-0895

cvelist1 nvd1 prion1