Lucene search

DellCVE-2012-2281

HistoryJul 05, 2012 - 2:55 p.m.

CVE-2012-2281

2012-07-0514:55:02

CWE-287

dell

web.nvd.nist.gov

emc

rsa

access manager

server

6.x

6.1

sp4

agent

session tokens

logout

replay attacks

cve-2012-2281

nvd

CVSS2

6.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.003

Percentile

67.7%

JSON

EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors.

Affected configurations

Nvd

Node

rsaaccess_manager_agent

rsaaccess_manager_serverMatch6.0

rsaaccess_manager_serverMatch6.1

rsaaccess_manager_serverMatch6.1sp1

rsaaccess_manager_serverMatch6.1sp2

rsaaccess_manager_serverMatch6.1sp3

VendorProductVersionCPE
rsaaccess_manager_agent*cpe:2.3:a:rsa:access_manager_agent:*:*:*:*:*:*:*:*
rsaaccess_manager_server6.0cpe:2.3:a:rsa:access_manager_server:6.0:*:*:*:*:*:*:*
rsaaccess_manager_server6.1cpe:2.3:a:rsa:access_manager_server:6.1:*:*:*:*:*:*:*
rsaaccess_manager_server6.1cpe:2.3:a:rsa:access_manager_server:6.1:sp1:*:*:*:*:*:*
rsaaccess_manager_server6.1cpe:2.3:a:rsa:access_manager_server:6.1:sp2:*:*:*:*:*:*
rsaaccess_manager_server6.1cpe:2.3:a:rsa:access_manager_server:6.1:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
rsa	access_manager_agent	*	cpe:2.3:a:rsa:access_manager_agent::::::::
rsa	access_manager_server	6.0	cpe:2.3:a:rsa:access_manager_server:6.0:::::::*
rsa	access_manager_server	6.1	cpe:2.3:a:rsa:access_manager_server:6.1:::::::*
rsa	access_manager_server	6.1	cpe:2.3:a:rsa:access_manager_server:6.1:sp1::::::
rsa	access_manager_server	6.1	cpe:2.3:a:rsa:access_manager_server:6.1:sp2::::::
rsa	access_manager_server	6.1	cpe:2.3:a:rsa:access_manager_server:6.1:sp3::::::

References

archives.neohapsis.com/archives/bugtraq/2012-07/0037.html

www.securitytracker.com/id?1027220

CVSS2

6.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.003

Percentile

67.7%

JSON

Related for CVE-2012-2281