Описание
The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability."
Ссылки
- Mailing ListThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:emc:authentication_manager_prime:3.0:*:*:*:*:*:*:*
cpe:2.3:a:emc:authentication_manager_prime:3.1:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00744
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability."
EPSS
Процентиль: 73%
0.00744
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-264