CVE-2013-6180
Published Dec 9, 2013
Last updated 11 years ago
Overview
- Description
- EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.
- Source
- security_alert@emc.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_netwitness_nextgen:9.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12A0654C-F8C4-4B98-99A8-68444F58F846"
},
{
"criteria": "cpe:2.3:a:emc:rsa_security_analytics:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C264FDBA-A31E-4453-9700-556CD5D247A8"
},
{
"criteria": "cpe:2.3:a:emc:rsa_security_analytics:10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20931B04-A6E1-4A86-8CBF-A7527FA14803"
},
{
"criteria": "cpe:2.3:a:emc:rsa_security_analytics:10.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D982272F-FA17-48B3-81CA-5E0B40F1E9B7"
}
],
"operator": "OR"
}
]
}
]