RSA Authentication Manager 8.2 SP1 Patch 2 contains a fix for a brute force PIN-guessing vulnerability. This Self-Service Console vulnerability could potentially be exploited by malicious users and would impact a victim's ability to access protected resources. It requires that the victim's Self-Service Console credentials were compromised.
77aa2d399d4cb516fc5ff38029d6ead28e25e859e723af948bdbc87aeb25d0fe
A vulnerability exists in EMC NetWorker which can be exploited to potentially create a denial of service condition or eavesdrop on process communications. EMC NetWorker uses an RPC library to provide a portmapper service within nsrexecd. The portmapper restricts access for service commands to the localhost. However, the UDP protocol allows malicious users to spoof the source address of a network packet, making it appear to have originated from the localhost. This may allow a remote malicious user to unregister existing NetWorker RPC services or register new RPC services. EMC NetWorker versions 7.5.3.5, 7.5 SP4 and later, and 7.6.1.2 and later are affected.
21660399dbf1d185b83eda092d0c5dc4da4a6779f9b2ea910ce9b02233783449
A vulnerability identified in the RSA Key Manager (RKM) C Client 1.5, which may expose the product to SQL injection attacks, has been addressed. An attacker with access to encrypted data could have leveraged this vulnerability to alter the RKM C Client 1.5 cache.
5c1419da8eb09fefd4748549c1aa1ef71df8b044be88f8d59ee8e34d154d7cad
A potential cross-site scripting vulnerability has been identified in RSA Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Specifically, a Flash Shockwave file provided by the Adaptive Authentication system could be exploited in certain limited circumstances.
5c0090b6b979158e606ecf53a777dcebbc56e093a0a0813c1445ef5ec6cdc62a
Secunia Security Advisory - A security issue has been reported in RSA Authentication Client, which can be exploited by malicious users to bypass certain security restrictions.
f43bebad5e3e21afb0525c66572f3566bf30b6b6dbe9497d1ff9d2ce3b08f5b6
Secunia Security Advisory - A security issue has been reported in RSA Authentication Client, which can be exploited by malicious users to bypass certain security restrictions.
f8bbe3d8ec652d4eb6ba11bf30bdf14738d2def996558585288e17ef95f9d7f2
RSA Authentication Client 2.0.x, 3.0, and 3.5.x contain a potential vulnerability that could allow the unintended extraction, by a properly authenticated user, of secret (or symmetric) key objects stored on an RSA SecurID 800 Authenticator. This potential vulnerability is corrected in RSA Authentication Client 3.5.3.
41ebae2a8b510e2bd8181c50df475c394e772dc9ce8fcb156ecb559222b1e530
Secunia Security Advisory - A vulnerability has been reported in RSA Authentication Agent for Web, which can be exploited by malicious people to disclose potentially sensitive information.
7407b48bd112021302d50ee6b98c7b51030dad17938753ec82580eb53ca09f62
RSA Authentication Agent 7.0 for Web suffers from a directory traversal vulnerability.
934589575348733dd39f775489b9c5364ec05e0b4000995c95d8c6376dde186a
RSA Access Manager Agent version 4.7.1 with RSA Adaptive Authentication Integration contains a potential vulnerability that could be exploited by malicious people to bypass authentication restrictions.
f37ca923bf54bfdf37a88831d0f75bcf6a5e55a593c52f203860663002a51c18
A vulnerability exists in EMC Celerra which can be exploited to gain unauthorized access to root NFS export on EMC Celerra NAS. NAS Code versions 5.6.50 and below are affected.
3d240af0a8c4e5c33aa8da21b8107990c5dfa8e6ea4a6e3ee56672b3ac57a2c2
RSA Access Manager Server contains a potential vulnerability that could be exploited to bypass certain security restrictions, potentially enabling unauthorized access to protected resources.
98f487b3c2005faddb5b253b4eb92d13be6de45cdc5a506602e42d94491a38e4
RSA enVision versions prior to 3.7 SP1 may contain a potential denial of service vulnerability.
7566319f767757867865456f7784400be8a8be03606701a7b11d6e60fb586707
A vulnerability exists in EMC Disk Library (EDL) which can be exploited by an unauthenticated remote user to cause denial of service.
26a41d2e5e2135f03053562315adcc356460c9f101f8f25653f4753342164596
RSA(r) Federated Identity Manager may be impacted by a potential arbitrary URL redirection vulnerability that may be exploited by malicious people to bypass certain security restrictions. Versions 4.0 and 4.1 are affected.
a2bc9bfa4fd0542fa8bf08749c6d93fc8471404777491dfdf5d6baad0eb5fb6d
A vulnerability exists in EMC Avamar which can be exploited by an unauthenticated remote user to cause denial of service. Versions 4.1.x and 5.0 are affected.
3222e8fa96e97abd8a46fe2cf5fe899cdaf3cd4e01a6ea315287f18177dd06c7
EMC HomeBase Server contains a vulnerability that may allow an unauthenticated remote user to upload arbitrary files on the affected HomeBase Server. Versions 6.2.x and 6.3.x are affected.
1481b43fd91ee9d43c4ca39ea27c50887e8ea9279062e3564ef9f2bc7328f2f6
RSA Authentication Agent is vulnerable to a vanilla cross site scripting flaw on the login page. Tested on RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services.
5a5d9dea5b1f25761e00eb31cbd27c0bbc1985757d23d7db73ef2b3ac1f40262
An HTML injection vulnerability exists in the WebLogic administration console. Version 10.0 is susceptible. A remote URI redirection vulnerability affects the RSA Authentication Agent. This issue is due to a failure of the application to properly sanitize URI-supplied data assigned to the 'url' parameter. Tested on RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services in conjunction with Mozilla Firefox 2.0.0.11.
68fa1ad35fc6aa8f665119119b0250479e6e7a337c5f298e8a27980b5aa6d42a
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of RSA Authentication Manager and other products that include the Progress server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the Progress Server listening by default on TCP ports 5520 and 5530. The _mprosrv.exe process trusts a user-supplied DWORD size and attempts to receive that amount of data into a statically allocated heap buffer.
5991d00193b63121f2781ae42162b01e3c2ec0fe6645783a2f56dd01c2fc2de0
SEC-CONSULT Security Advisory 20051025-1 - RSA Authentication Agent for Web 5.1 is prone to a cross site scripting vulnerability. Please note that this issue is different from CVE-2003-0389. Affected versions: This flaw was discovered in version 5.1 of RSA Agent for Web. No other versions were available for testing. Web Agents greater than 5.1 may also be vulnerable.
2d40e47e26366a81608e58eb701e131d921abb75ec18f1bc0763fd4b69a57ad9
Secunia Security Advisory - H.D. Moore has reported a vulnerability in RSA Authentication Agent for Web for Internet Information Services, which can be exploited by malicious people to cause a DoS or potentially to compromise a vulnerable system.
1927aac572ac967167a54f27793793e77a6a5ec4800e8c32910efe243e4955ad
Secunia Security Advisory - Gary O'Leary-Steele has reported a vulnerability in RSA Authentication Agent for Web for Internet Information Services, which can be exploited by malicious people to compromise a vulnerable system.
0cb9f5c255838359bb83768eaa07d0dc25e76f589bc5c07aecb63f74a979271a
Secunia Security Advisory - Oliver Karow has reported a vulnerability in RSA Authentication Agent for Web for IIS, which can be exploited by malicious people to conduct cross-site scripting attacks.
cf79b70c8e48d19db8bf1140d7176e0e40dbbb57ed9052f443efaf21ba3ee33f
Exaprobe Security Advisory - The w3who.dll in Windows 2000 is susceptible to multiple cross site scripting attacks and a buffer overflow.
8ece849689003d2f57457e84d45b0e4e644b9bb92da86652b968cbe2ed278a03
Guardian Digital Security Advisory - The Guardian Digital WebTool mistakenly uses a GET method instead of a POST method when passing along a user passphrase for SSH keys being generated, allowing the passphrases to be logged in /var/log/userpass.log along with the rest of the query string.
f3c7790699c2de28eff06ee5c00de602e489b1a387068cec05c864ef10156833