CVE-2013-6180

EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
emcrsa_netwitness_nextgen
9.8
emcrsa_security_analytics
10.0
emcrsa_security_analytics
10.1
emcrsa_security_analytics
10.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html
http://www.securitytracker.com/id/1029446
http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html
http://www.securitytracker.com/id/1029446