Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-6886
Last Modified: 03 Aug 2009 12:00:00
Published: 03 Aug 2009 10:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-6886

Summary

RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks.

Vulnerable Systems

Application

  • RSA EnVision 3.5.0
  • RSA EnVision 3.5.1
  • RSA EnVision 3.5.2
  • RSA EnVision 3.7.0


References

VUPEN - ADV-2008-3288

MISC - http://www.secfault.org/?p=78

BUGTRAQ - 20081125 RSA EnVision Remote Password Disclosure

XF - envision-webconsole-info-disclosure(46884)

BID - 32473

OSVDB - 50273

SECUNIA - 32883


Last Updated: 27 May 2016 10:49:22