8.5

CVE-2012-2287

EPSS 0.24%
Veröffentlicht 25.09.2012 11:07:46
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emc ≫ Rsa Authentication Agent Version7.1

Microsoft ≫ Windows Server 2003
Microsoft ≫ Windows Xp Version-

Emc ≫ Rsa Authentication Client Version3.5

Microsoft ≫ Windows Server 2003
Microsoft ≫ Windows Xp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.475

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://archives.neohapsis.com/archives/bugtraq/2012-09/0102.html

Vendor Advisory

http://www.securityfocus.com/bid/55662

https://exchange.xforce.ibmcloud.com/vulnerabilities/78802

https://nvd.nist.gov/vuln/detail/CVE-2012-2287

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2287

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2287

EUVD