6 matches found
CVE-2018-1252
CVE-2018-1252 affects RSA Web Threat Detection versions prior to 6.4, where an SQL injection vulnerability exists in the Administration and Forensics applications. An authenticated attacker with low privileges could supply specially crafted input to exploit this flaw and execute SQL commands on t...
CVE-2015-0541
The CVE-2015-0541 issue affects RSA Web Threat Detection (RSA WTD) prior to version 5.1. It is a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to hijack the authenticated state of a user by tricking them into clicking crafted links or visiting malicious sites. The r...
CVE-2016-0919
CVE-2016-0919 concerns a cross-site scripting vulnerability in EMC RSA Web Threat Detection, affecting versions 5.0, 5.1, and 5.1.2. The connected sources consistently state that the issue is a cross-site scripting flaw that could allow a malicious actor to compromise the affected system; however...
CVE-2014-4627
CVE-2014-4627 affects EMC RSA Web Threat Detection 4.x prior to version 4.6.1.1. The vulnerability is an SQL injection in the RSA Web Threat Detection component that can be triggered by an authenticated remote user via unspecified vectors, potentially allowing the attacker to access, modify, or d...
CVE-2015-4547
CVE-2015-4547 affects RSA Web Threat Detection before 5.1 SP1. The vulnerability is that the AnnoDB password is stored in cleartext in a system configuration file, enabling remote authenticated users to read the file and obtain the password. Impact is information disclosure that could enable data...
CVE-2015-4548
RSA Web Threat Detection before 5.1 SP1 is affected by CVE-2015-4548, a local privilege-escalation flaw where a user with a service account can inject commands into a service configuration file to obtain root privileges. The issue stems from writing to the configuration file, enabling local explo...