EMC RSA Access Manager Information Disclosure (ESA-2014-029)

Severity: Critical | Nessus Plugin ID: 73921

Synopsis

The remote host is potentially affected by an information disclosure vulnerability.

Description

The remote Windows host is running a version of EMC RSA Access Manager that is reportedly affected by an information disclosure vulnerability if the logging level is set to INFO. This could result in passwords being logged in plaintext.

Solution

Refer to vendor advisory ESA-2014-029 for patch information.

See Also

http://www.nessus.org/u?b59f794b

Plugin Details

Severity: Critical

ID: 73921

File Name: emc_rsa_access_manager_ESA-2014-029.nasl

Version: 1.9

Type: local

Agent: windows

Family: Windows

Published: 5/8/2014

Updated: 2/26/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-0646

CVSS v3

Risk Factor: Critical

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:emc:rsa_access_manager

Required KB Items: installed_sw/EMC RSA Access Manager

Exploit Ease: No known exploits are available

Patch Publication Date: 4/30/2014

Vulnerability Publication Date: 4/30/2014

Reference Information

CVE: CVE-2014-0646

BID: 67172