PT-2014-3741 · Emc · Emc Rsa Access Manager

Published

2014-05-01

Updated

2014-05-02

CVE-2014-0646

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EMC RSA Access Manager versions 6.1.3 through 6.1.3.38 EMC RSA Access Manager versions 6.1.4 through 6.1.4.21 EMC RSA Access Manager versions 6.2.0 through 6.2.0.10 EMC RSA Access Manager versions 6.2.1 through 6.2.1.02

Description The issue allows local users to discover cleartext passwords by reading log files when INFO logging is enabled in the runtime WS component of the server.

Recommendations For EMC RSA Access Manager version 6.1.3, update to version 6.1.3.39 or later. For EMC RSA Access Manager version 6.1.4, update to version 6.1.4.22 or later. For EMC RSA Access Manager version 6.2.0, update to version 6.2.0.11 or later. For EMC RSA Access Manager version 6.2.1, update to version 6.2.1.03 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2014-0646

Affected Products

Emc Rsa Access Manager

PT-2014-3741 · Emc · Emc Rsa Access Manager

CVE-2014-0646

Weakness Enumeration

Related Identifiers

Affected Products

References · 2