Lucene search

DellCVE-2011-2733

HistoryAug 18, 2011 - 11:55 p.m.

CVE-2011-2733

2011-08-1823:55:00

CWE-287

dell

web.nvd.nist.gov

emc

rsa

adaptive authentication

on-premise

aaop

6.0.2.1

access restriction bypass

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:C/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

72.7%

JSON

EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information.

Affected configurations

Nvd

Node

emcrsa_adaptive_authentication_on-premiseMatch6.0.2.1sp1_patch2

emcrsa_adaptive_authentication_on-premiseMatch6.0.2.1sp1_patch3

emcrsa_adaptive_authentication_on-premiseMatch6.0.2.1sp2

emcrsa_adaptive_authentication_on-premiseMatch6.0.2.1sp2_patch1

emcrsa_adaptive_authentication_on-premiseMatch6.0.2.1sp3

VendorProductVersionCPE
emcrsa_adaptive_authentication_on-premise6.0.2.1cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2:*:*:*:*:*:*
emcrsa_adaptive_authentication_on-premise6.0.2.1cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3:*:*:*:*:*:*
emcrsa_adaptive_authentication_on-premise6.0.2.1cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2:*:*:*:*:*:*
emcrsa_adaptive_authentication_on-premise6.0.2.1cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1:*:*:*:*:*:*
emcrsa_adaptive_authentication_on-premise6.0.2.1cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	rsa_adaptive_authentication_on-premise	6.0.2.1	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2::::::
emc	rsa_adaptive_authentication_on-premise	6.0.2.1	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3::::::
emc	rsa_adaptive_authentication_on-premise	6.0.2.1	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2::::::
emc	rsa_adaptive_authentication_on-premise	6.0.2.1	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1::::::
emc	rsa_adaptive_authentication_on-premise	6.0.2.1	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3::::::

References

securityreason.com/securityalert/8344

www.securityfocus.com/archive/1/519346/100/0/threaded

www.securityfocus.com/bid/49574

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:C/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

72.7%

JSON

Related for CVE-2011-2733