Lucene search

DellCVE-2012-2278

HistoryJul 13, 2012 - 9:55 p.m.

CVE-2012-2278

2012-07-1321:55:02

CWE-79

dell

web.nvd.nist.gov

cve-2012-2278

xss

emc

rsa

authentication manager

securid appliance

security

remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

emcrsa_authentication_managerRange≤7.1sp4

emcrsa_authentication_managerMatch7.0

emcrsa_authentication_managerMatch7.1

emcrsa_authentication_managerMatch7.1sp3

rsaauthentication_managerMatch7.1sp42

Node

rsasecurid_applianceMatch2.0

rsasecurid_applianceMatch2.0.1

rsasecurid_applianceMatch2.0.2

rsasecurid_applianceMatch3.0

rsasecurid_applianceMatch3.0sp2

rsasecurid_applianceMatch3.0sp3

rsasecurid_applianceMatch3.0sp4

VendorProductVersionCPE
emcrsa_authentication_manager*cpe:2.3:a:emc:rsa_authentication_manager:*:sp4:*:*:*:*:*:*
emcrsa_authentication_manager7.0cpe:2.3:a:emc:rsa_authentication_manager:7.0:*:*:*:*:*:*:*
emcrsa_authentication_manager7.1cpe:2.3:a:emc:rsa_authentication_manager:7.1:*:*:*:*:*:*:*
emcrsa_authentication_manager7.1cpe:2.3:a:emc:rsa_authentication_manager:7.1:sp3:*:*:*:*:*:*
rsaauthentication_manager7.1cpe:2.3:a:rsa:authentication_manager:7.1:sp42:*:*:*:*:*:*
rsasecurid_appliance2.0cpe:2.3:a:rsa:securid_appliance:2.0:*:*:*:*:*:*:*
rsasecurid_appliance2.0.1cpe:2.3:a:rsa:securid_appliance:2.0.1:*:*:*:*:*:*:*
rsasecurid_appliance2.0.2cpe:2.3:a:rsa:securid_appliance:2.0.2:*:*:*:*:*:*:*
rsasecurid_appliance3.0cpe:2.3:a:rsa:securid_appliance:3.0:*:*:*:*:*:*:*
rsasecurid_appliance3.0cpe:2.3:a:rsa:securid_appliance:3.0:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	rsa_authentication_manager	*	cpe:2.3:a:emc:rsa_authentication_manager::sp4::::::*
emc	rsa_authentication_manager	7.0	cpe:2.3:a:emc:rsa_authentication_manager:7.0:::::::*
emc	rsa_authentication_manager	7.1	cpe:2.3:a:emc:rsa_authentication_manager:7.1:::::::*
emc	rsa_authentication_manager	7.1	cpe:2.3:a:emc:rsa_authentication_manager:7.1:sp3::::::
rsa	authentication_manager	7.1	cpe:2.3:a:rsa:authentication_manager:7.1:sp42::::::
rsa	securid_appliance	2.0	cpe:2.3:a:rsa:securid_appliance:2.0:::::::*
rsa	securid_appliance	2.0.1	cpe:2.3:a:rsa:securid_appliance:2.0.1:::::::*
rsa	securid_appliance	2.0.2	cpe:2.3:a:rsa:securid_appliance:2.0.2:::::::*
rsa	securid_appliance	3.0	cpe:2.3:a:rsa:securid_appliance:3.0:::::::*
rsa	securid_appliance	3.0	cpe:2.3:a:rsa:securid_appliance:3.0:sp2::::::

Rows per page:

1-10 of 121

References

archives.neohapsis.com/archives/bugtraq/2012-07/0064.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

Related for CVE-2012-2278