Lucene search

DellCVE-2013-3273

HistoryJul 08, 2013 - 8:55 p.m.

CVE-2013-3273

2013-07-0820:55:01

CWE-255

dell

web.nvd.nist.gov

emc

rsa

authentication manager

trace logging

vulnerability

cve-2013-3273

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

Percentile

5.1%

JSON

EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file.

Affected configurations

Nvd

Node

emcrsa_authentication_managerMatch7.1

emcrsa_authentication_managerMatch7.1sp2

emcrsa_authentication_managerMatch7.1sp3

emcrsa_authentication_managerMatch8.0p1

rsaauthentication_managerMatch7.1sp1

rsaauthentication_managerMatch8.0

VendorProductVersionCPE
emcrsa_authentication_manager7.1cpe:2.3:a:emc:rsa_authentication_manager:7.1:*:*:*:*:*:*:*
emcrsa_authentication_manager7.1cpe:2.3:a:emc:rsa_authentication_manager:7.1:sp2:*:*:*:*:*:*
emcrsa_authentication_manager7.1cpe:2.3:a:emc:rsa_authentication_manager:7.1:sp3:*:*:*:*:*:*
emcrsa_authentication_manager8.0cpe:2.3:a:emc:rsa_authentication_manager:8.0:p1:*:*:*:*:*:*
rsaauthentication_manager7.1cpe:2.3:a:rsa:authentication_manager:7.1:sp1:*:*:*:*:*:*
rsaauthentication_manager8.0cpe:2.3:a:rsa:authentication_manager:8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	rsa_authentication_manager	7.1	cpe:2.3:a:emc:rsa_authentication_manager:7.1:::::::*
emc	rsa_authentication_manager	7.1	cpe:2.3:a:emc:rsa_authentication_manager:7.1:sp2::::::
emc	rsa_authentication_manager	7.1	cpe:2.3:a:emc:rsa_authentication_manager:7.1:sp3::::::
emc	rsa_authentication_manager	8.0	cpe:2.3:a:emc:rsa_authentication_manager:8.0:p1::::::
rsa	authentication_manager	7.1	cpe:2.3:a:rsa:authentication_manager:7.1:sp1::::::
rsa	authentication_manager	8.0	cpe:2.3:a:rsa:authentication_manager:8.0:::::::*

References

archives.neohapsis.com/archives/bugtraq/2013-07/0046.html

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-3273