CVE-2013-6180
First published: Mon Dec 09 2013(Updated: )
EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Emc Rsa Netwitness Nextgen | =9.8 | |
| EMC RSA Security Analytics | =10.0 | |
| EMC RSA Security Analytics | =10.1 | |
| EMC RSA Security Analytics | =10.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/emc
- canonical/emc rsa netwitness nextgen
- version/emc rsa netwitness nextgen/9.8
- canonical/emc rsa security analytics
- version/emc rsa security analytics/10.0
- version/emc rsa security analytics/10.1
- version/emc rsa security analytics/10.2