
List:       bugtraq
Subject:    ESA-2014-003: RSA® Data Loss Prevention Improper Session Manageme
From:       Security Alert <Security_Alert@emc.com>
Date:       2014-02-28 17:11:28
Message-ID: 37F0BE0896DB1544B5BEFBE34F79D053310449F4@MX103CL01.corp.emc.com

["ESA-2014-003.txt" (text/plain)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability


EMC Identifier: ESA-2014-003

CVE Identifier: CVE-2014-0624

Severity Rating: CVSS v2 Base Score: 7.4 (AV:A/AC:M/Au:S/C:C/I:C/A:C)

 

Affected Products:

RSA Data Loss Prevention 9.0

RSA Data Loss Prevention 9.5

RSA Data Loss Prevention 9.6

 

Unaffected Products:

RSA Data Loss Prevention 9.6-SP2

 

Summary:  

RSA® Data Loss Prevention versions up to 9.6 SP1 contain an improper session
management vulnerability that could potentially be exploited by malicious users to
compromise the affected system.

 

Details:  

RSA Data Loss Prevention Enterprise Manager had an improper session handling
mechanism which could potentially allow a lower privileged user to access
unauthorized content of higher privileged users.

 

Recommendation:

The following version contains the security fixes:

•        RSA Data Loss Prevention 9.6-SP2 

 

RSA strongly recommends that all customers upgrade to RSA DLP 9.6 SP2 at their
earliest opportunity.

 



Obtaining Downloads:

To obtain the latest RSA product downloads, log on to RSA SecurCare Online at
https://knowledge.rsasecurity.com and click Products in the top navigation menu.
Select the specific product whose download you want to obtain. Scroll to the section
for the product download that you want and click on the link.



Obtaining Documentation:

To obtain RSA documentation, log on to RSA SecurCare Online at
https://knowledge.rsasecurity.com and click Products in the top navigation menu.
Select the specific product whose documentation you want to obtain. Scroll to the
section for the product version that you want and click the set link.



Severity Rating:

For an explanation of Severity Ratings, refer to the Knowledge Base Article,
"Security Advisories Severity Rating" at
https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA
recommends that all customers take into account both the base score and any relevant
temporal and environmental scores which may impact the potential severity associated
with a particular security vulnerability.



Obtaining More Information:

For more information about RSA products, visit the RSA web site at
http://www.rsa.com.



Getting Support and Service:

For customers with current maintenance contracts, contact your local RSA Customer
Support center with any additional questions regarding this RSA SecurCare Note. For
contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at
https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact
Us - Phone tab or the Contact Us - Email tab.



General Customer Support Information:

http://www.emc.com/support/rsa/index.htm



RSA SecurCare Online:

https://knowledge.rsasecurity.com



EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions.
Please refer to the link below for additional details.
http://www.emc.com/support/rsa/eops/index.htm



SecurCare Online Security Advisories

RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to
bring to the attention of users of the affected RSA products important security
information. RSA recommends that all users determine the applicability of this
information to their individual situations and take appropriate action. The
information set forth herein is provided "as is" without warranty of any kind. RSA
disclaims all warranties, either express or implied, including the warranties of
merchantability, fitness for a particular purpose, title and non-infringement. In no
event shall RSA or its suppliers be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special
damages, even if RSA or its suppliers have been advised of the possibility of such
damages. Some states do not allow the exclusion or limitation of liability for
consequential or incidental damages so the foregoing limitation may not apply.



About RSA SecurCare Notes & Security Advisories Subscription

RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends
you based on the RSA product family you currently use. If you'd like to stop
receiving RSA SecurCare Notes & Security Advisories, or if you'd like to change which
RSA product family Notes & Security Advisories you currently receive, log on to RSA
SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3.
Following the instructions on the page, remove the check mark next to the RSA product
family whose Notes & Security Advisories you no longer want to receive. Click the
Submit button to save your selection.



Sincerely,

RSA Customer Support
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Cygwin)

iEYEARECAAYFAlMQwpoACgkQtjd2rKp+ALyfCgCg20VlBUB3SuCNcmS9AV//Ra21
KiMAoLhDjVD1mme7nngWMx56/eaImtzK
=vcx1
-----END PGP SIGNATURE-----


