RSA updates


23 replies to this topic

#1 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 15 December 2011 - 06:10 AM

FYI...

RSA SecurID software token Insecure Library Loading vuln - update available
- https://secunia.com/advisories/45665/
Release Date: 2011-12-15
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: CVE-2011-4141
... vulnerability is reported in versions prior to 4.1.1 (confirmed in 4.1.0.545).
Solution: Update to version 4.1.1.
Original Advisory: RSA:
http://seclists.org/...SA-2011-039.txt

RSA Adaptive Authentication - update available
- https://secunia.com/advisories/47255/
Release Date: 2011-12-14
Impact: Security Bypass
Where: From remote
CVE References:
http://web.nvd.nist....d=CVE-2011-2741
http://web.nvd.nist....d=CVE-2011-2742
Software: RSA Adaptive Authentication 6.x
... vulnerabilities are reported in the following versions: 6.0.2.1 SP1 Patch 2, 6.0.2.1 SP1 Patch 3, 6.0.2.1 SP2, 6.0.2.1 SP2 Patch 1, 6.0.2.1 SP3
Solution: Apply patches...
Reported by the vendor
Original Advisory:
http://archives.neoh...SA-2011-036.txt

:ph34r: :ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#2 AplusWebMaster

Posted 05 July 2012 - 06:07 AM

FYI...

RSA vuln - hot fix available
RSA Access Manager Session Replay Flaw Lets Remote Users Access the System
- http://www.securityt....com/id/1027220
CVE Reference: http://web.nvd.nist....d=CVE-2012-2281
Jul 4 2012
Impact: User access via network
Version(s): Server version 6.0.x, 6.1, 6.1 SP1, 6.1 SP2, 6.1 SP3; -all- Agent versions
Description: A vulnerability was reported in RSA Access Manager...
A remote user can exploit a flaw in the logout process and replay session credentials to gain access to the target system...
Solution: The vendor has issued a fix.
For 6.1 SP4: hot fix # AxM HF 6.0.4.64
For Server version 6.0.4: hot fix # AxM HF 6.0.4.64
For Server version 6.1 SP3: hot fix # AxM HF 6.1.3.30
Vendor URL: http://www.emc.com/s...t/rsa/index.htm

- https://secunia.com/advisories/49757/
Release Date: 2012-07-05
Impact: Security Bypass
Where: From remote
CVE Reference: CVE-2012-2281
... vulnerability is reported in RSA Access Manager Server versions 6.0.x and 6.1 prior to 6.1 SP4 and -all- supported versions of RSA Access Manager Agent.
Solution: Apply hot fixes.
Original Advisory: ESA-2012-026:
http://archives.neoh...12-07/0037.html

:ph34r: :ph34r:

Edited by AplusWebMaster, 10 July 2012 - 09:57 AM.



#3 AplusWebMaster

Posted 13 July 2012 - 08:54 AM

FYI...

RSA Authentication Manager Weakness - multiple vulns
- https://secunia.com/advisories/49927/
Release Date: 2012-07-13
Impact: Unknown, Cross Site Scripting, Spoofing
Where: From remote...
Solution: Install patch 14 for RSA Authentication Manager version 7.1 SP4 or RSA SecurID Appliance version 3.0 SP4.
Original Advisory: ESA-2012-023:
http://archives.neoh...SA-2012-023.txt

- http://www.securityt....com/id/1027247
CVE Reference: CVE-2012-2278, CVE-2012-2279, CVE-2012-2280
Jul 12 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Version(s): 7.1 (and Appliance 3.0) ...
RSA Authentication Manager 6.1 is not affected by these vulnerabilities.
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the RSA Authentication Manager software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can redirect the target user's browser to an arbitrary URL.
Solution: The vendor has issued a fix (Patch 14 (P14) for RSA Authentication Manager 7.1 SP4 and Appliance 3.0 SP4)...

:ph34r: :ph34r:



#4 AplusWebMaster

Posted 12 September 2012 - 03:52 AM

FYI...

RSA BSAFE SSL-C v2.8.6 released
- https://secunia.com/advisories/50601/
Release Date: 2012-09-12
Criticality level: Highly critical
Impact: Hijacking, Exposure of sensitive information, System access
Where: From remote
Software: RSA BSAFE
CVE Reference(s): CVE-2011-3389, CVE-2012-2110, CVE-2012-2131
... weakness and the vulnerability are reported in RSA BSAFE SSL-C versions prior to 2.8.6.
Solution: Update to RSA BSAFE SSL-C version 2.8.6.
Original Advisory:
http://archives.neoh...SA-2012-029.txt

- http://www.securityt....com/id/1027514
Sep 11 2012
___

- http://www.emc.com/s...t/rsa/index.htm
___

RSA BSAFE Micro Edition Suite v4.0 released
- https://secunia.com/advisories/50605/
Release Date: 2012-09-12
Impact: Hijacking, Exposure of sensitive information
Where: From remote
Software: RSA BSAFE
CVE Reference: CVE-2011-3389
... weakness is reported in RSA BSAFE Micro Edition Suite versions prior to 4.0.
Solution: Update to RSA BSAFE Micro Edition Suite version 4.0.
Original Advisory:
http://archives.neoh...SA-2012-032.txt

- http://www.securityt....com/id/1027513
Sep 11 2012

:ph34r: :ph34r:



#5 AplusWebMaster

Posted 25 September 2012 - 10:28 AM

FYI...

RSA Agent 7.1.1 / RSA Client 3.5.6 - Win XP and Win Server 2003
- https://secunia.com/advisories/50735/
Release Date: 2012-09-25
Impact: Security Bypass
Where: Local system...
Software: RSA Authentication Agent for Microsoft Windows 7.x, RSA Authentication Client 3.x
CVE Reference: http://web.nvd.nist....d=CVE-2012-2287 - 8.5 (HIGH)
... weakness is reported in the following products:
* RSA Authentication Agent for Microsoft Windows versions prior to 7.1.1.
* RSA Authentication Client versions prior to 3.5.6.
Solution: Update to RSA Authentication Agent for Microsoft Windows version 7.1.1 or RSA Authentication Client version 3.5.6.

> http://www.emc.com/s...t/rsa/index.htm
___

- http://www.securityt....com/id/1027559
CVE Reference: CVE-2012-2287
Date: Sep 24 2012
Solution: The vendor has issued a fix (RSA Authentication Agent for Microsoft Windows version 7.1.1; RSA Authentication Client 3.5.6).
Underlying OS: Windows (2003), Windows (XP)...

:ph34r: :ph34r:

Edited by AplusWebMaster, 25 September 2012 - 10:40 AM.



#6 AplusWebMaster

Posted 10 October 2012 - 06:38 AM

FYI...

RSA - v6.0.2.1 SP3 P3 released
- https://secunia.com/advisories/50931/
Release Date: 2012-10-10
Impact: Exposure of sensitive information
Where: From local network...
Software: RSA Adaptive Authentication 6.x
... vulnerability is reported in version 6.0.2.1.
Solution: Update to version 6.0.2.1 SP3 P3.

- http://www.securityt....com/id/1027630
CVE Reference: CVE-2012-2286
Oct 10 2012
Impact: A remote user can obtain sensitive information and gain full control of the target system.
Solution: The vendor has issued a fix (6.0.2.1 SP3 P3)...

>> http://www.emc.com/s...t/rsa/index.htm

:ph34r: :ph34r:



#7 AplusWebMaster

Posted 16 November 2012 - 05:20 AM

FYI...

RSA Data Protection Manager - Cross-Site Scripting vuln
- http://www.securityt....com/id/1027781
CVE Reference:
- https://web.nvd.nist...d=CVE-2012-4612 - 4.3
- https://web.nvd.nist...d=CVE-2012-4613 - 6.9
Nov 16 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 2.7.x, 3.x ...
Solution: The vendor has issued a fix (3.2.1)...

>> http://www.emc.com/s...t/rsa/index.htm

:ph34r:

Edited by AplusWebMaster, 16 November 2012 - 09:03 AM.



#8 AplusWebMaster

Posted 27 November 2012 - 08:19 AM

FYI...

RSA Adaptive Authentication 7.0 released
- http://www.securityt....com/id/1027811
CVE Reference: CVE-2012-4611
Nov 26 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): (On-Premise) 6.x
... vendor has issued a fix (7.0).

- https://secunia.com/advisories/51394/
Release Date: 2012-11-27
Impact: Cross Site Scripting
Where: From remote
CVE Reference: CVE-2012-4611
Software: RSA Adaptive Authentication 6.x
... vulnerability is reported in version 6.x.
Solution: Upgrade to version 7.0.
Original Advisory: EMC:
http://archives.neoh...SA-2012-054.txt

>> http://www.emc.com/s...t/rsa/index.htm

:ph34r:



#9 AplusWebMaster

Posted 04 December 2012 - 07:15 AM

FYI...

RSA NetWitness Informer - multiple vulns
- https://secunia.com/advisories/51483/
Release Date: 2012-12-04
Impact: Cross Site Scripting
Where: From remote...
Software: NetWitness Informer 2.x
CVE Reference(s): CVE-2012-4608, CVE-2012-4609
... vulnerabilities are reported in versions prior to 2.0.5.6.
Solution: Update to version 2.0.5.6.
Original Advisory: EMC:
http://archives.neoh...SA-2012-052.txt

> http://www.emc.com/s...t/rsa/index.htm

> http://www.emc.com/s...one-numbers.htm

:ph34r: :ph34r:

Edited by AplusWebMaster, 04 December 2012 - 07:53 AM.



#10 AplusWebMaster

Posted 05 February 2013 - 07:52 AM

FYI...

RSA Archer eGRC 5.2SP1, 5.3 released
- http://www.securityt....com/id/1028073
CVE Reference: CVE-2012-1064, CVE-2012-2292, CVE-2012-2293, CVE-2012-2294
Feb 4 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 5.x
Description: Several vulnerabilities were reported in RSA Archer eGRC. A remote user can conduct cross-site scripting, cross-domain access, and clickjacking attacks. A remote authenticated user can upload files to the target system...
Solution: The vendor has issued a fix (5.2SP1, 5.3).
- http://www.emc.com/s...t/rsa/index.htm

:ph34r: :ph34r:



#11 AplusWebMaster

Posted 07 May 2013 - 04:16 AM

FYI...

RSA Archer eGRC 5.3SP1 ...
- http://www.securityt....com/id/1028516
CVE Reference: CVE-2013-0932, CVE-2013-0933, CVE-2013-0934
May 7 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 5.x ...
Solution: The vendor has issued a fix (5.3SP1)...
- http://www.emc.com/s...t/rsa/index.htm

:ph34r:



#12 AplusWebMaster

Posted 13 May 2013 - 05:07 AM

FYI...

RSA Authentication Agent v7.1.1
- https://secunia.com/advisories/53399/
Release Date: 2013-05-13
Impact: Cross Site Scripting
Where: From remote
CVE Reference: CVE-2013-0942
... vulnerability has been reported in RSA Authentication Agent, which can be exploited by malicious people to conduct cross-site scripting attacks...
The vulnerability is reported in the following products:
* RSA Authentication Agent 7.1 for Web for Internet Information Services
* RSA Authentication Agent 7.1 for Web for Apache
Solution: Update to version 7.1.1.
Original Advisory:
http://archives.neoh...SA-2013-031.txt

- http://www.emc.com/s...t/rsa/index.htm

- https://knowledge.rsasecurity.com

- http://www.securityt....com/id/1028539
CVE Reference: CVE-2013-0942
May 10 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Solution: The vendor has issued a fix (7.1.1 for Web, 7.1.1 for Web for Internet Information Services).
Vendor URL: http://www.emc.com/s...t/rsa/index.htm

:ph34r:

Edited by AplusWebMaster, 13 May 2013 - 06:03 AM.



#13 AplusWebMaster

Posted 17 May 2013 - 01:57 PM

FYI...

RSA SecurID Agent discloses node Secret Encryption Key to Local Users
- http://www.securityt....com/id/1028573
CVE Reference: CVE-2013-0941
May 16 2013
Impact: Disclosure of authentication information
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A local user can obtain the node secret key.
Solution: The vendor has issued the following fixes:
RSA Authentication Agent for Microsoft Windows 6.4.2 and 7.0
RSA SecurID Authentication Agent 5.3 for Web for Apache Web Server
RSA SecurID Authentication Agent 5.3 for Web for Internet Information Services
RSA SecurID Agent 6.0 for PAM ...

- http://www.emc.com/s...t/rsa/index.htm

- https://knowledge.rsasecurity.com

:ph34r:



#14 AplusWebMaster

Posted 30 May 2013 - 06:14 AM

FYI...

RSA Authentication Mgr v8 P1 released
- https://secunia.com/advisories/53641/
Release Date: 2013-05-30
Impact: Exposure of sensitive information, DoS, System access
Where: From local network
Solution Status: Vendor Patch
For more information see: https://secunia.com/SA52837/
... vulnerabilities have been reported in version 8.0.
Solution: Apply patch Patch 1 (P1).
Original Advisory:
http://archives.neoh...SA-2013-040.txt

- http://www.emc.com/m...ger-8/index.htm

- http://www.emc.com/s...t/rsa/index.htm

- https://knowledge.rsasecurity.com

:ph34r:



#15 AplusWebMaster

Posted 22 July 2013 - 11:36 AM

FYI...

RSA BSAFE multiple security vulnerabilities
- http://atlas.arbor.n...ndex#1576531997
High Severity
July 19, 2013
Several security vulnerabilities in the encryption routines in the EMC RSA BSAFE software have been patched. Organizations that rely on this software are highly encouraged to upgrade and/or upgrade and modify configuration in order to decrease vulnerability exposure.
Analysis: The "Lucky Thirteen" vulnerability and the BEAST attacks on SSL/TLS have been mitigated with these releases. The BEAST attack can be mitigated with proper configuration, however such a configuration may have caused compatibility issues in the past so it is helpful that an official fix has been released. Timing attacks on crypto are not new, however they aren't always practical at first. With increasing power in technology and increased research in refining attacks, crypto vulnerabilities that were previously or currently theoretical still warrant attention due to the potentially severe impact of a targeted attack leveraging such techniques.
Source: http://securityvulns...BSAFE/1307.html

- http://web.nvd.nist....d=CVE-2013-0169
- http://web.nvd.nist....d=CVE-2011-3389

- http://www.emc.com/s...t/rsa/index.htm

- https://knowledge.rsasecurity.com/

- http://www.emc.com/s...y/rsa-bsafe.htm

:ph34r: :ph34r:
