CVE-2012-2281

Published Jul 5, 2012

Last updated a month ago

CVSS info 6.8

Overview

Description: EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors.
Source: security_alert@emc.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 10
Exploitability score: 3.2
Vector string: AV:A/AC:H/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rsa:access_manager_agent:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA7DAF54-2358-47E1-A53F-346015547C1A"
          },
          {
            "criteria": "cpe:2.3:a:rsa:access_manager_server:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF7733DA-50FD-4688-B981-4F77D734F639"
          },
          {
            "criteria": "cpe:2.3:a:rsa:access_manager_server:6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C5BA71D-0AF8-4530-ADF1-DB4DA8C47D9B"
          },
          {
            "criteria": "cpe:2.3:a:rsa:access_manager_server:6.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7912021C-02E3-492E-B269-8E0C839D93C8"
          },
          {
            "criteria": "cpe:2.3:a:rsa:access_manager_server:6.1:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04B01065-FD70-47E8-A094-4A6F87852198"
          },
          {
            "criteria": "cpe:2.3:a:rsa:access_manager_server:6.1:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "372FCAE3-0A73-4EFB-B2CD-271FDBC8F405"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References