Lucene search

[email protected]NVD:CVE-2008-6886

HistoryAug 03, 2009 - 2:30 p.m.

CVE-2008-6886

2009-08-0314:30:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.006

Percentile

79.0%

JSON

RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks.

Affected configurations

Nvd

Node

rsaenvisionMatch3.5.0

rsaenvisionMatch3.5.1

rsaenvisionMatch3.5.2

rsaenvisionMatch3.7.0

VendorProductVersionCPE
rsaenvision3.5.0cpe:2.3:a:rsa:envision:3.5.0:*:*:*:*:*:*:*
rsaenvision3.5.1cpe:2.3:a:rsa:envision:3.5.1:*:*:*:*:*:*:*
rsaenvision3.5.2cpe:2.3:a:rsa:envision:3.5.2:*:*:*:*:*:*:*
rsaenvision3.7.0cpe:2.3:a:rsa:envision:3.7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rsa	envision	3.5.0	cpe:2.3:a:rsa:envision:3.5.0:::::::*
rsa	envision	3.5.1	cpe:2.3:a:rsa:envision:3.5.1:::::::*
rsa	envision	3.5.2	cpe:2.3:a:rsa:envision:3.5.2:::::::*
rsa	envision	3.7.0	cpe:2.3:a:rsa:envision:3.7.0:::::::*

References

marc.info/?l=bugtraq&m=122765140110581&w=2

secunia.com/advisories/32883

www.osvdb.org/50273

www.secfault.org/?p=78

www.securityfocus.com/bid/32473

www.vupen.com/english/advisories/2008/3288

exchange.xforce.ibmcloud.com/vulnerabilities/46884

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.006

Percentile

79.0%

JSON

Related for NVD:CVE-2008-6886

cvelist1 cve1 prion1