Vulnerabilities > CVE-2014-0624 - Unspecified vulnerability in EMC RSA Data Loss Prevention 9.0/9.5/9.6
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE low complexity
emc
Summary
EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 65914 CVE(CAN) ID: CVE-2014-0624 RSA Data Loss Prevention可以发现和监控敏感数据(如客户信用卡数据、员工 PII 或公司知识产权)的位置和流。 通过电子邮件、Web、PC、智能手机等培训终端用户并实施控制措施,防止敏感数据丢失。 RSA Data Loss Prevention 9.0, 9.5, 9.6, 9.6 SP1版本在实现上存在不安全的会话管理机制,这可使较低权限的用户访问高级别用户可以访问的内容。 0 EMC Data Loss Prevention 9.6 EMC Data Loss Prevention 9.5 EMC Data Loss Prevention 9.0 厂商补丁: EMC --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.emc.com/products-solutions/index.htm |
| id | SSV:61640 |
| last seen | 2017-11-19 |
| modified | 2014-03-05 |
| published | 2014-03-05 |
| reporter | Root |
| title | EMC RSA Data Loss Prevention不安全会话管理权限提升漏洞 |