

EMC RSA enVision multiple security vulnerabilities
Published: 20.03.2012
Source:
SecurityVulns ID: 12282
Type: remote
Threat Level: 6/10
Description: Cross-site scripting, SQL injection, directory traversal, hardcoded accounts, restrictions bypass.
Affected: EMC : RSA enVision 4.1
CVE: CVE-2012-0403 (Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors.)
 CVE-2012-0402 (EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors.)
 CVE-2012-0401 (Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2012-0400 (EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.)
 CVE-2012-0399 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document: EMC, ESA-2012-014: RSA enVision Multiple Vulnerabilities (20.03.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod