Description
EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:emc:rsa_netwitness_nextgen:9.8:*:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_security_analytics:10.0:*:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_security_analytics:10.1:*:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_security_analytics:10.2:*:*:*:*:*:*:*
EPSS
Percentile: 45%
0.00225
Low
6.8 Medium
CVSS2
Weaknesses
CWE-264
Related vulnerabilities
github
more than 3 years ago
EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.