CVE-2012-2280

EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:rsa_authentication_manager::sp4::::::*
	cpe:2.3:a:emc:rsa_authentication_manager:7.0:::::::*
	cpe:2.3:a:emc:rsa_authentication_manager:7.1:::::::*
	cpe:2.3:a:emc:rsa_authentication_manager:7.1:sp3::::::
	cpe:2.3:a:rsa:authentication_manager:7.1:sp42::::::

Configuration 2 (hide)

OR	cpe:2.3:a:rsa:securid_appliance:2.0:::::::*
	cpe:2.3:a:rsa:securid_appliance:2.0.1:::::::*
	cpe:2.3:a:rsa:securid_appliance:2.0.2:::::::*
	cpe:2.3:a:rsa:securid_appliance:3.0:::::::*
	cpe:2.3:a:rsa:securid_appliance:3.0:sp2::::::
	cpe:2.3:a:rsa:securid_appliance:3.0:sp3::::::
	cpe:2.3:a:rsa:securid_appliance:3.0:sp4::::::

History

No history.

Information

Published : 2012-07-13 21:55

Updated : 2020-03-27 14:07

NVD link : CVE-2012-2280

Mitre link : CVE-2012-2280

CVE.ORG link : CVE-2012-2280

JSON object : View

Products Affected

emc

rsa_authentication_manager

rsa

securid_appliance
authentication_manager

CWE

NVD-CWE-Other

{"id": "CVE-2012-2280", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-07-13T21:55:02.547", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html", "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a \"Cross frame scripting vulnerability.\""}, {"lang": "es", "value": "EMC RSA Authentication Manager v7.1 anterior a SP4 y RSA SecurID Appliance v3.0 anterior a SP4 P14 no utiliza correctamente los marco (frames), permitiendo a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, relacionados con \"vulnerabilidad de secuencias de \"frames\" cruzados\""}], "lastModified": "2020-03-27T14:07:36.733", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_authentication_manager:*:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83D91F28-5FC8-443A-A1A7-C88503602E4E", "versionEndIncluding": "7.1"}, {"criteria": "cpe:2.3:a:emc:rsa_authentication_manager:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "456CA398-0600-4334-A897-DB437DDB835F"}, {"criteria": "cpe:2.3:a:emc:rsa_authentication_manager:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "589D4FF7-2107-4861-BA60-114B5D6A0732"}, {"criteria": "cpe:2.3:a:emc:rsa_authentication_manager:7.1:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "276F775A-7622-46C1-AFAB-BAD4ADB4F551"}, {"criteria": "cpe:2.3:a:rsa:authentication_manager:7.1:sp42:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D385F10C-AB0B-4E61-BB07-BFF9D747B5F2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsa:securid_appliance:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90D83885-3B83-468A-8C9B-5AA7D13440F3"}, {"criteria": "cpe:2.3:a:rsa:securid_appliance:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06162DAF-1332-463D-9530-8DBD58BF127D"}, {"criteria": "cpe:2.3:a:rsa:securid_appliance:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C587B0A-ABEF-4707-B83A-57CF2518467B"}, {"criteria": "cpe:2.3:a:rsa:securid_appliance:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3CBF1DA-12F7-4E33-A0E9-A8C7D4E73F04"}, {"criteria": "cpe:2.3:a:rsa:securid_appliance:3.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2FDA0CD-AB77-4E17-A255-428A8F059866"}, {"criteria": "cpe:2.3:a:rsa:securid_appliance:3.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E63B9E6-8B2E-4A9D-A2BB-2FA0CA8AAC8F"}, {"criteria": "cpe:2.3:a:rsa:securid_appliance:3.0:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99842813-3BC4-47C3-B107-8431B6D9B2FB"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}

5.0 /10