List: bugtraq
Subject: ESA-2014-003: RSA® Data Loss Prevention Improper Session Manageme
From: Security Alert <Security_Alert () emc ! com>
Date: 2014-02-28 17:11:28
Message-ID: 37F0BE0896DB1544B5BEFBE34F79D053310449F4 () MX103CL01 ! corp ! emc ! com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability
EMC Identifier: ESA-2014-003
CVE Identifier: CVE-2014-0624
Severity Rating: CVSS v2 Base Score: 7.4 (AV:A/AC:M/Au:S/C:C/I:C/A:C)
Affected Products:
RSA Data Loss Prevention 9.0
RSA Data Loss Prevention 9.5
RSA Data Loss Prevention 9.6
Unaffected Products:
RSA Data Loss Prevention 9.6-SP2
Summary:
RSA® Data Loss Prevention versions up to 9.6 SP1 contain an improper session
management vulnerability that could potentially be exploited by malicious users to
compromise the affected system.
Details:
RSA Data Loss Prevention Enterprise Manager had an improper session handling
mechanism which could potentially allow a lower privileged user to access
unauthorized content of higher privileged users.
Recommendation:
The following version contains the security fixes:
• RSA Data Loss Prevention 9.6-SP2
RSA strongly recommends that all customers upgrade to RSA DLP 9.6 SP2 at their earliest
opportunity.
Obtaining Downloads:
To obtain the latest RSA product downloads, log on to RSA SecurCare Online at
https://knowledge.rsasecurity.com and click Products in the top navigation menu.
Select the specific product whose download you want to obtain. Scroll to the section
for the product download that you want and click on the link.
Obtaining Documentation:
To obtain RSA documentation, log on to RSA SecurCare Online at
https://knowledge.rsasecurity.com and click Products in the top navigation menu.
Select the specific product whose documentation you want to obtain. Scroll to the
section for the product version that you want and click the set link.
Severity Rating:
For an explanation of Severity Ratings, refer to the Knowledge Base Article,
"Security Advisories Severity Rating" at
https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA
recommends that all customers take into account both the base score and any relevant
temporal and environmental scores which may impact the potential severity associated
with a particular security vulnerability.
Obtaining More Information:
For more information about RSA products, visit the RSA web site at
http://www.rsa.com.
Getting Support and Service:
For customers with current maintenance contracts, contact your local RSA Customer
Support center with any additional questions regarding this RSA SecurCare Note. For
contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at
https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact
Us - Phone tab or the Contact Us - Email tab.
General Customer Support Information:
http://www.emc.com/support/rsa/index.htm
RSA SecurCare Online:
https://knowledge.rsasecurity.com
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions.
Please refer to the link below for additional details.
http://www.emc.com/support/rsa/eops/index.htm
SecurCare Online Security Advisories
RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to
bring to the attention of users of the affected RSA products important security
information. RSA recommends that all users determine the applicability of this
information to their individual situations and take appropriate action. The
information set forth herein is provided "as is" without warranty of any kind. RSA
disclaims all warranties, either express or implied, including the warranties of
merchantability, fitness for a particular purpose, title and non-infringement. In no
event shall RSA or its suppliers be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special
damages, even if RSA or its suppliers have been advised of the possibility of such
damages. Some states do not allow the exclusion or limitation of liability for
consequential or incidental damages so the foregoing limitation may not apply.
About RSA SecurCare Notes & Security Advisories Subscription
RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends
you based on the RSA product family you currently use. If you'd like to stop
receiving RSA SecurCare Notes & Security Advisories, or if you'd like to change which
RSA product family Notes & Security Advisories you currently receive, log on to RSA
SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3.
Following the instructions on the page, remove the check mark next to the RSA product
family whose Notes & Security Advisories you no longer want to receive. Click the
Submit button to save your selection.
Sincerely,
RSA Customer Support
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Cygwin)
iEYEARECAAYFAlMQwpoACgkQtjd2rKp+ALyfCgCg20VlBUB3SuCNcmS9AV//Ra21
KiMAoLhDjVD1mme7nngWMx56/eaImtzK
=vcx1
-----END PGP SIGNATURE-----