- Description
- The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability."
- Source
- security_alert@emc.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:P
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:authentication_manager_prime:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57372993-AEF4-4B95-B2DC-B8ADE4B7E83C"
},
{
"criteria": "cpe:2.3:a:emc:authentication_manager_prime:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3285D3F9-F55D-4D29-8400-D1A2C5F7FD78"
}
],
"operator": "OR"
}
]
}
]