Lucene search

DellCVE-2012-2280

HistoryJul 13, 2012 - 9:55 p.m.

CVE-2012-2280

2012-07-1321:55:02

dell

web.nvd.nist.gov

emc

rsa

authentication

manager

securid

appliance

sp4

p14

cross frame scripting

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

48.4%

JSON

EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a “Cross frame scripting vulnerability.”

Affected configurations

Nvd

Node

emcrsa_authentication_managerRange≤7.1sp4

emcrsa_authentication_managerMatch7.0

emcrsa_authentication_managerMatch7.1

emcrsa_authentication_managerMatch7.1sp3

rsaauthentication_managerMatch7.1sp42

Node

rsasecurid_applianceMatch2.0

rsasecurid_applianceMatch2.0.1

rsasecurid_applianceMatch2.0.2

rsasecurid_applianceMatch3.0

rsasecurid_applianceMatch3.0sp2

rsasecurid_applianceMatch3.0sp3

rsasecurid_applianceMatch3.0sp4

VendorProductVersionCPE
emcrsa_authentication_manager*cpe:2.3:a:emc:rsa_authentication_manager:*:sp4:*:*:*:*:*:*
emcrsa_authentication_manager7.0cpe:2.3:a:emc:rsa_authentication_manager:7.0:*:*:*:*:*:*:*
emcrsa_authentication_manager7.1cpe:2.3:a:emc:rsa_authentication_manager:7.1:*:*:*:*:*:*:*
emcrsa_authentication_manager7.1cpe:2.3:a:emc:rsa_authentication_manager:7.1:sp3:*:*:*:*:*:*
rsaauthentication_manager7.1cpe:2.3:a:rsa:authentication_manager:7.1:sp42:*:*:*:*:*:*
rsasecurid_appliance2.0cpe:2.3:a:rsa:securid_appliance:2.0:*:*:*:*:*:*:*
rsasecurid_appliance2.0.1cpe:2.3:a:rsa:securid_appliance:2.0.1:*:*:*:*:*:*:*
rsasecurid_appliance2.0.2cpe:2.3:a:rsa:securid_appliance:2.0.2:*:*:*:*:*:*:*
rsasecurid_appliance3.0cpe:2.3:a:rsa:securid_appliance:3.0:*:*:*:*:*:*:*
rsasecurid_appliance3.0cpe:2.3:a:rsa:securid_appliance:3.0:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	rsa_authentication_manager	*	cpe:2.3:a:emc:rsa_authentication_manager::sp4::::::*
emc	rsa_authentication_manager	7.0	cpe:2.3:a:emc:rsa_authentication_manager:7.0:::::::*
emc	rsa_authentication_manager	7.1	cpe:2.3:a:emc:rsa_authentication_manager:7.1:::::::*
emc	rsa_authentication_manager	7.1	cpe:2.3:a:emc:rsa_authentication_manager:7.1:sp3::::::
rsa	authentication_manager	7.1	cpe:2.3:a:rsa:authentication_manager:7.1:sp42::::::
rsa	securid_appliance	2.0	cpe:2.3:a:rsa:securid_appliance:2.0:::::::*
rsa	securid_appliance	2.0.1	cpe:2.3:a:rsa:securid_appliance:2.0.1:::::::*
rsa	securid_appliance	2.0.2	cpe:2.3:a:rsa:securid_appliance:2.0.2:::::::*
rsa	securid_appliance	3.0	cpe:2.3:a:rsa:securid_appliance:3.0:::::::*
rsa	securid_appliance	3.0	cpe:2.3:a:rsa:securid_appliance:3.0:sp2::::::

Rows per page:

1-10 of 121

References

archives.neohapsis.com/archives/bugtraq/2012-07/0064.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

48.4%

JSON

Related for CVE-2012-2280