CVE-2011-2733 - OpenCVE

EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:C/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Emc	Rsa Adaptive Authentication On-premise

Configuration 1 [-]

OR	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3::::::

References

Link	Resource
http://securityreason.com/securityalert/8344
http://www.securityfocus.com/archive/1/519346/100/0/threaded
http://www.securityfocus.com/bid/49574

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2011-08-18T23:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2011-07-13T00:00:00

Link: CVE-2011-2733

JSON object: View

NVD Information

Status : Modified

Published: 2011-08-18T23:55:00.710

Modified: 2018-10-09T19:32:56.057

Link: CVE-2011-2733

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "49574", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49574"}, {"name": "20110816 ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/519346/100/0/threaded"}, {"name": "8344", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8344"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2011-2733", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "49574", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49574"}, {"name": "20110816 ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/519346/100/0/threaded"}, {"name": "8344", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8344"}]}}}}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2011-2733", "datePublished": "2011-08-18T23:00:00", "dateReserved": "2011-07-13T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2:*:*:*:*:*:*", "matchCriteriaId": "F97E490D-12E8-420C-990E-2BB4B97D86D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3:*:*:*:*:*:*", "matchCriteriaId": "7E18C647-3264-46A0-8411-4DB02E470217", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "30CE0F82-18A5-4E1F-B096-8A85AF85F4C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1:*:*:*:*:*:*", "matchCriteriaId": "250D48AB-3B67-402F-AE85-DF8B12E10D32", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "504CA1D2-9915-4ABF-9D08-C8ED5F86F34A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information."}, {"lang": "es", "value": "EMC RSA Adaptive Authentication On-Premise (AAOP) v6.0.2.1 SP1 Patch2, SP1 Patch3, SP2, SP2 Patch1 y Service Pack 3 no impide la reutilizaci\u00f3n de la informaci\u00f3n de autenticaci\u00f3n durante una sesi\u00f3n, lo que permite eludir las restricciones de acceso, a usuarios remotos autenticados, a trav\u00e9s de vectores relacionados con el conocimiento de la informaci\u00f3n de autenticaci\u00f3n utilizado originalmente y con informaci\u00f3n de sesi\u00f3n no especificada."}], "evaluatorSolution": "Per: http://www.securityfocus.com/archive/1/archive/1/519346/100/0/threaded\r\n\r\n\r\nWe strongly recommend that RSA customers should obtain the following hot fixes:\r\n\r\nRSA AAOP 6.0.2.1 SP1 Patch 2 customers should obtain Hotfix 430 from SecurCare Online.\r\n\r\nRSA AAOP 6.0.2.1 SP1 Patch 3 customers should obtain Hotfix 130 from SecurCare Online.\r\n\r\nRSA AAOP 6.0.2.1 SP2 customers should obtain Hotfix 360 from SecurCare Online.\r\n\r\nRSA AAOP 6.0.2.1 SP2 Patch 1 customers should obtain Hotfix 140 from SecurCare Online.\r\n\r\nRSA AAOP 6.0.2.1 SP3 customers should obtain Hotfix 130 from SecurCare Online.\r\n", "id": "CVE-2011-2733", "lastModified": "2018-10-09T19:32:56.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:C/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-08-18T23:55:00.710", "references": [{"source": "security_alert@emc.com", "url": "http://securityreason.com/securityalert/8344"}, {"source": "security_alert@emc.com", "url": "http://www.securityfocus.com/archive/1/519346/100/0/threaded"}, {"source": "security_alert@emc.com", "url": "http://www.securityfocus.com/bid/49574"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}