Lucene search

DellCVE-2011-2736

HistoryAug 25, 2011 - 2:22 p.m.

CVE-2011-2736

2011-08-2514:22:45

CWE-310

dell

web.nvd.nist.gov

rsa envision

cve-2011-2736

security vulnerability

cleartext credentials

sensitive information disclosure

network sniffing

mailbox access

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

61.1%

JSON

RSA enVision 4.x before 4 SP4 P3 places cleartext administrative credentials in Task Escalation e-mail messages, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox.

Affected configurations

Nvd

Node

rsaenvisionMatch4.0sp1

rsaenvisionMatch4.0sp2

rsaenvisionMatch4.0sp3

VendorProductVersionCPE
rsaenvision4.0cpe:2.3:a:rsa:envision:4.0:sp1:*:*:*:*:*:*
rsaenvision4.0cpe:2.3:a:rsa:envision:4.0:sp2:*:*:*:*:*:*
rsaenvision4.0cpe:2.3:a:rsa:envision:4.0:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
rsa	envision	4.0	cpe:2.3:a:rsa:envision:4.0:sp1::::::
rsa	envision	4.0	cpe:2.3:a:rsa:envision:4.0:sp2::::::
rsa	envision	4.0	cpe:2.3:a:rsa:envision:4.0:sp3::::::

References

securityreason.com/securityalert/8350

www.securityfocus.com/archive/1/519395/100/0/threaded

www.securitytracker.com/id?1025979

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

61.1%

JSON

Related for CVE-2011-2736