What is the severity of CVE-2013-6180?

CVE-2013-6180 is classified as a critical vulnerability due to the potential for unauthorized access to sensitive data.

How do I fix CVE-2013-6180?

To fix CVE-2013-6180, upgrade to RSA Security Analytics version 10.3 or later, or RSA NetWitness NextGen version 9.8 or later.

What are the affected versions for CVE-2013-6180?

The affected versions for CVE-2013-6180 include RSA Security Analytics 10.0, 10.1, 10.2, and RSA NetWitness NextGen 9.8.

Can CVE-2013-6180 be exploited remotely?

Yes, CVE-2013-6180 can be exploited remotely by attackers to gain unauthorized access.

Vulnerability/
CVE-2013-6180

medium

6.8

CWE

264

9/12/2013

6/8/2024

CVE-2013-6180

First published: Mon Dec 09 2013(Updated: )

EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.

Credit: security_alert@emc.com

Affected Software	Affected Version	How to fix
EMC RSA NetWitness NextGen	=9.8
EMC RSA Security Analytics	=10.0
EMC RSA Security Analytics	=10.1
EMC RSA Security Analytics	=10.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-6180?
CVE-2013-6180 is classified as a critical vulnerability due to the potential for unauthorized access to sensitive data.
How do I fix CVE-2013-6180?
To fix CVE-2013-6180, upgrade to RSA Security Analytics version 10.3 or later, or RSA NetWitness NextGen version 9.8 or later.
What are the affected versions for CVE-2013-6180?
The affected versions for CVE-2013-6180 include RSA Security Analytics 10.0, 10.1, 10.2, and RSA NetWitness NextGen 9.8.
Can CVE-2013-6180 be exploited remotely?
Yes, CVE-2013-6180 can be exploited remotely by attackers to gain unauthorized access.
What kind of attack does CVE-2013-6180 allow?
CVE-2013-6180 allows attackers to bypass intended access restrictions by sending unauthorized Core requests.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/severity
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/emc
canonical/emc rsa netwitness nextgen
version/emc rsa netwitness nextgen/9.8
canonical/emc rsa security analytics
version/emc rsa security analytics/10.0
version/emc rsa security analytics/10.1
version/emc rsa security analytics/10.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.