CVE-2016-0915

The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
emcauthentication_manager_prime
3.0
emcauthentication_manager_prime
3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/bugtraq/2016/Aug/71
http://www.securityfocus.com/bid/92394
http://www.securitytracker.com/id/1036557
http://seclists.org/bugtraq/2016/Aug/71
http://www.securityfocus.com/bid/92394
http://www.securitytracker.com/id/1036557