128 matches found
ESA-2014-027: RSA® NetWitness and RSA® Security Analytics Authentication Bypass Vulnerability
ESA-2014-027.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-027: RSA® NetWitness and RSA® Security Analytics Authentication Bypass Vulnerability EMC Identifier: ESA-2014-027 CVE Identifier: CVE-2014-0643 Severity Rating: CVSS v2 Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C Affected...
RSA NetWitness / RSA Security Analytics authentication bypass
Under some conditions, login with empty password is allowed...
ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities
ESA-2013-080.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities EMC Identifier: ESA-2013-080 CVE Identifier: CVE-2013-6180 Severity Rating: CVSS v2 Base Score: See below for individual scores Affected Products: RSA Security Analytics 10...
EMC RSA Security Analytics vulnerabilities
Privilege escalation...
CVE-2013-6180
EMC RSA Security Analytics SA 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent...
Design/Logic Flaw
EMC RSA Security Analytics SA 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent...
CVE-2013-6180
EMC RSA Security Analytics SA 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent...
CVE-2013-6180
The CVE-2013-6180 issue affects EMC RSA Security Analytics (SA) 10.x prior to 10.3 and RSA NetWitness NextGen 9.8, where SA Core does not verify that requests originate from the SA REST UI, allowing untrusted user agents (e.g., web browsers) to bypass access restrictions. This could enable core-a...