CVE-2012-2280
First published: Fri Jul 13 2012(Updated: )
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RSA Authentication Manager | <=7.1 | |
| RSA Authentication Manager | =7.0 | |
| RSA Authentication Manager | =7.1 | |
| RSA Authentication Manager | =7.1-sp3 | |
| EMC RSA Authentication Manager | =7.1-sp42 | |
| RSA SecurID Appliance | =2.0 | |
| RSA SecurID Appliance | =2.0.1 | |
| RSA SecurID Appliance | =2.0.2 | |
| RSA SecurID Appliance | =3.0 | |
| RSA SecurID Appliance | =3.0-sp2 | |
| RSA SecurID Appliance | =3.0-sp3 | |
| RSA SecurID Appliance | =3.0-sp4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2012-2280?
CVE-2012-2280 has been classified as a high-severity vulnerability due to its potential for cross frame scripting attacks.
How do I fix CVE-2012-2280?
To fix CVE-2012-2280, upgrade EMC RSA Authentication Manager to version 7.1 SP4 P14 or later, or RSA SecurID Appliance to version 3.0 SP4 P14 or later.
What systems are affected by CVE-2012-2280?
CVE-2012-2280 affects EMC RSA Authentication Manager versions 7.1 before SP4 P14 and all RSA SecurID Appliance versions prior to SP4 P14.
What type of vulnerability is CVE-2012-2280?
CVE-2012-2280 is identified as a Cross Frame Scripting vulnerability, allowing attackers to inject arbitrary web scripts.
Can CVE-2012-2280 lead to data breaches?
Yes, exploitation of CVE-2012-2280 could allow remote attackers to compromise user sessions and access sensitive data.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/emc
- canonical/rsa authentication manager
- version/rsa authentication manager/7.1
- version/rsa authentication manager/7.0
- version/rsa authentication manager/7.1-sp3
- vendor/rsa
- canonical/emc rsa authentication manager
- version/emc rsa authentication manager/7.1-sp42
- canonical/rsa securid appliance
- version/rsa securid appliance/2.0
- version/rsa securid appliance/2.0.1
- version/rsa securid appliance/2.0.2
- version/rsa securid appliance/3.0
- version/rsa securid appliance/3.0-sp2
- version/rsa securid appliance/3.0-sp3
- version/rsa securid appliance/3.0-sp4