Vulnerabilities > RSA

DATE CVE VULNERABILITY TITLE RISK
2006-09-26 CVE-2006-4991 Unspecified vulnerability in RSA Keon Certificate Authority Manager 6.5.1/6.6
RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows privileged local users to hide malicious Certificate Authority (CA) activities by modifying CA auditor logs without detection by (1) modifying or deleting a <LOG BLOCK> and its signature from the XML log in a way that is not detected by the integrity check function that operates on the entire pool, or (2) modifying entries in the live log file, which is only signed during rotation.
local
low complexity
rsa
3.6
2005-12-31 CVE-2005-4734 Remote Stack Based Buffer Overflow vulnerability in RSA Authentication Agent IISWebAgentIF.DLL
Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
network
low complexity
rsa
6.4
2005-10-27 CVE-2005-3329 Cross-Site Scripting vulnerability in RSA ACE Agent Image
Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation.
network
rsa
4.3
2005-05-06 CVE-2005-1471 Unspecified vulnerability in RSA Securid web Agent 5/5.2/5.3
Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data.
network
low complexity
rsa
7.5
2005-04-14 CVE-2005-1118 Remote Cross-Site Scripting vulnerability in RSA Authentication Agent for web 5.2
Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter.
network
rsa
4.3
2003-07-24 CVE-2003-0389 Unspecified vulnerability in RSA ACE Agent 5.0
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.
network
rsa
4.3
2002-08-12 CVE-2002-0507 Improper Authentication vulnerability in multiple products
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
local
low complexity
microsoft rsa CWE-287
2.1
2001-10-24 CVE-2001-1462 Information Disclosure vulnerability in RSA Securid 5.0
WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information.
network
low complexity
rsa
7.5
2001-10-22 CVE-2001-1461 Directory Traversal vulnerability in RSA Securid 5.0
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /..
network
low complexity
rsa
7.5
1999-12-01 CVE-1999-0834 Unspecified vulnerability in RSA Rsaref 2.0
Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.
network
low complexity
rsa
critical
10.0