Skip to main content

Rsa Authentication Manager CVE-2016-0902

MEDIUM
2016-05-07 security_alert@emc.com
5.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 07, 2016 - 10:59 cve.org
MEDIUM 5.3

DescriptionCVE.org

CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

AnalysisAI

CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Affected products include: Emc Rsa Authentication Manager. Version information: before 8.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-3711 HIGH
7.2 Mar 13

RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. Rated high

CVE-2012-2279 MEDIUM
6.4 Jul 13

Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID

CVE-2016-0901 MEDIUM
6.1 May 07

Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to

CVE-2016-0900 MEDIUM
6.1 May 07

Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to

CVE-2017-14373 MEDIUM
6.1 Oct 31

EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could

CVE-2018-11074 MEDIUM
6.1 Sep 28

RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which

CVE-2018-1254 MEDIUM
6.1 Jun 21

RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vuln

CVE-2018-1253 MEDIUM
6.1 Jun 21

RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulner

CVE-2017-8006 MEDIUM
5.9 Jul 17

In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of

CVE-2014-2516 MEDIUM
5.8 Dec 12

Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect

CVE-2017-14379 MEDIUM
5.4 Nov 28

EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be expl

CVE-2012-2280 MEDIUM
5.0 Jul 13

EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frame

Share

CVE-2016-0902 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy