CVE-2013-6180

EUVD-2013-6009
EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
emcrsa_netwitness_nextgen
9.8
emcrsa_security_analytics
10.0
emcrsa_security_analytics
10.1
emcrsa_security_analytics
10.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html
http://www.securitytracker.com/id/1029446
http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html
http://www.securitytracker.com/id/1029446