
RSA updates


23 replies to this topic

#16 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 21 August 2013 - 11:29 AM

FYI...

RSA Authentication Agent for PAM - 7.0.2.1 patch, 7.1
- http://www.securityt....com/id/1028930
CVE Reference: CVE-2013-3271
Aug 20 2013
Impact: Host/resource access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): RSA Authentication Agent for PAM 7.0.2 and prior
Description: A vulnerability was reported in RSA Authentication Agent for PAM. A remote user can make unlimited login attempts.
The system does not restrict the number of login attempts made via the agent.
Impact: A remote user can make unlimited login attempts.
Solution: The vendor has issued a fix (RSA Authentication Agent for PAM: 7.0.2.1 patch, 7.1)...

- http://www.emc.com/s...t/rsa/index.htm

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#17 AplusWebMaster

Posted 04 September 2013 - 05:49 AM

FYI...

RSA Archer eGRC v5.4
- http://www.securityt....com/id/1028971
CVE Reference: CVE-2013-3276, CVE-2013-3277
Sep 3 2013
Impact: Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 5.x prior to 5.4 ...
Solution: The vendor has issued a fix (5.4).
Vendor URL: http://www.rsa.com/

- https://secunia.com/advisories/54717/
Release Date: 2013-09-04
Where: From remote
Impact: Security Bypass, Spoofing
Software: EMC RSA Archer GRC 5.x
CVE Reference(s): CVE-2013-3276, CVE-2013-3277
... weakness and the security issue are reported in versions prior to 5.4.
Solution: Update to version 5.4.
Original Advisory: ESA-2013-057:
http://archives.neoh...SA-2013-057.txt

- http://www.emc.com/s...t/rsa/index.htm

:ph34r:



#18 AplusWebMaster

Posted 25 October 2013 - 09:15 AM

FYI...

RSA Agent - Web IIS ...
- http://www.securityt....com/id/1029248
CVE Reference: https://web.nvd.nist...d=CVE-2013-3280 - 7.5 (HIGH)
Oct 25 2013
Impact: Host/resource access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 7.1 and 7.1.1 for Web for IIS ...
Solution: The vendor has issued a fix (7.1.2 for Web for IIS)...

- http://www.emc.com/s...t/rsa/index.htm

:ph34r:



#19 AplusWebMaster

Posted 22 November 2013 - 06:53 AM

FYI...

RSA Data Protection Manager - 3.5.1 ...
- https://secunia.com/advisories/55823/
Release Date: 2013-11-22
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Software: RSA Data Protection Manager 3.x
CVE Reference(s): CVE-2009-3555, CVE-2013-3288
... vulnerabilities are reported in versions prior to 3.2.4.2 and prior to 3.5.1.
Solution: Update to version 3.2.4.2 or 3.5.1.
Original Advisory: ESA-2013-077:
http://archives.neoh...SA-2013-077.txt

- http://www.emc.com/s...t/rsa/index.htm
 

:ph34r:




#20 AplusWebMaster

Posted 10 December 2013 - 12:00 PM

FYI...

RSA Security Analytics 10.3 released
- http://www.securityt....com/id/1029446
CVE Reference: https://web.nvd.nist...d=CVE-2013-6180
Dec 9 2013
Impact: User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.x prior to 10.3
Description: A vulnerability was reported in RSA Security Analytics. A remote user can access the Security Analytics core...
RSA NetWitness NextGen version 9.8 is also affected.
Solution: The vendor has issued a fix (10.3).
Vendor URL: http://www.emc.com/s...t/rsa/index.htm
 

:ph34r:




#21 AplusWebMaster

Posted 20 December 2013 - 06:55 AM

FYI...

RSA Archer GRC 5.4 released
- http://www.securityt....com/id/1029523
CVE Reference: https://web.nvd.nist...d=CVE-2013-6178
Dec 19 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (5.4 P2, 5.4 SP1)...
Vendor URL: http://www.emc.com/s...t/rsa/index.htm
 

:ph34r:




#22 AplusWebMaster

Posted 18 February 2014 - 05:47 AM

FYI...

RSA BSAFE 5.1.3, 6.0.2 released
- http://www.securityt....com/id/1029772
CVE Reference: CVE-2011-1473, CVE-2014-0625, CVE-2014-0626, CVE-2014-0627
Feb 18 2014
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 5.x prior to 5.1.3; 6.0 prior to 6.0.2
Description: Several vulnerabilities were reported in RSA BSAFE SSL-J. A remote user can cause denial of service conditions. A remote user can obtain potentially sensitive information...
Impact: A remote user can consume excessive CPU and memory resources on the target system.
A remote user can obtain potentially sensitive information.
Solution: The vendor has issued a fix (5.1.3, 6.0.2, 6.1.x)...
- http://www.emc.com/s...t/rsa/index.htm
 

:ph34r:




#23 AplusWebMaster

Posted 27 March 2014 - 09:22 AM

FYI...

RSA Authentication Mgr updated ...
- http://www.securityt....com/id/1029963
CVE Reference: CVE-2014-0623
Mar 26 2014
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6.1, 8.0, 8.1
Description: A vulnerability was reported in RSA Authentication Manager. A remote user can conduct cross-frame scripting attacks. The Self-Service Console does not properly filter HTML code from user-supplied input before displaying the input. A remote user can conduct cross-frame scripting attacks to obtain information from the target user's browser...
Impact: A remote user can access data recently submitted by the target user via web form to the interface or modify data acting as the target user.
Solution: The vendor has issued a fix (7.1 SP4 P32; Advisory ESA-2014-015)...
- http://www.emc.com/s...t/rsa/index.htm
___

RSA BSAFE 4.0.5
- http://www.securityt....com/id/1029955
CVE Reference: CVE-2014-0628
Mar 25 2014
Impact: Denial of service via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): Micro Edition Suite (MES) 4.0.x prior to 4.0.5 ...
Impact: A remote user can cause the target server to crash.
Solution: The vendor has issued a fix (4.0.5).
- http://www.emc.com/s...t/rsa/index.htm
 

:ph34r:


Edited by AplusWebMaster, 27 March 2014 - 03:25 PM.



#24 AplusWebMaster

Posted 02 April 2014 - 07:17 AM

FYI...

RSA Adaptive Authentication 7.1 SP0 P2
- https://secunia.com/advisories/57676/
Release Date: 2014-04-02
Where: From remote
Impact: Cross Site Scripting
Software: RSA Adaptive Authentication 7.x
CVE Reference(s): CVE-2014-0637, CVE-2014-0638
... vulnerabilities are reported in versions prior to 7.1 SP0 P2.
Solution: Update to version 7.1 SP0 P2.
- http://www.emc.com/s...t/rsa/index.htm
___

 

- http://www.reuters.c...EA2U0TY20140331
Mar 31, 2014 - "Security industry pioneer RSA adopted not just one but -two- encryption tools developed by the U.S. National Security Agency, greatly increasing the spy agency's ability to eavesdrop on some Internet communications, according to a team of academic researchers. Reuters reported in December that the NSA had paid RSA $10 million to make a now-discredited cryptography system the default in software used by a wide range of Internet and computer security programs. The system, called Dual Elliptic Curve, was a random number generator, but it had a -deliberate- flaw - or "back door" - that allowed the NSA to crack the encryption... RSA, now owned by EMC Corp, did not dispute the research when contacted by Reuters for comment. The company said it had not intentionally weakened security on any product and noted that Extended Random did -not- prove popular and had been removed from RSA's protection software in the last six months. "We could have been more skeptical of NSA's intentions," RSA Chief Technologist Sam Curry told Reuters. "We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure." Curry declined to say if the government had -paid- RSA to incorporate Extended Random in its BSafe security kit, which also housed Dual Elliptic Curve..."

 

:ph34r:


Edited by AplusWebMaster, 07 April 2014 - 10:36 AM.
