Lucene search

PRIOn knowledge basePRION:CVE-2013-6180

HistoryDec 09, 2013 - 6:55 p.m.

Design/Logic Flaw

2013-12-0918:55:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.7%

JSON

EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.

CPENameOperatorVersion
rsa_netwitness_nextgeneq9.8
rsa_security_analyticseq10.1
rsa_security_analyticseq10.2
rsa_security_analyticseq10.0

Name	Operator	Version
rsa_netwitness_nextgen	eq	9.8
rsa_security_analytics	eq	10.1
rsa_security_analytics	eq	10.2
rsa_security_analytics	eq	10.0

References

archives.neohapsis.com/archives/bugtraq/2013-12/0034.html

www.securitytracker.com/id/1029446

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.7%

JSON

Related for PRION:CVE-2013-6180