CVE-2015-6851

Опубликовано: 23 дек. 2015

Источник: nvd

CVSS3: 6.7

CVSS2: 7.2

EPSS Низкий

Описание

EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.

Ссылки

http://packetstormsecurity.com/files/135013/RSA-SecurID-Web-Agent-Authentication-Bypass.html
http://seclists.org/bugtraq/2015/Dec/115
http://www.securityfocus.com/bid/79646
http://www.securitytracker.com/id/1034510
http://packetstormsecurity.com/files/135013/RSA-SecurID-Web-Agent-Authentication-Bypass.html
http://seclists.org/bugtraq/2015/Dec/115
http://www.securityfocus.com/bid/79646
http://www.securitytracker.com/id/1034510

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rsa:securid_web_agent:*:*:*:*:*:*:*:*

Версия до 7.2.1 (включая)

EPSS

Процентиль: 15%

0.00048

Низкий

6.7 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-4hrg-5rwg-fx9h