Vulnerabilities > RSA > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-03-05 CVE-2013-0931 Configuration vulnerability in RSA Authentication Agent for Windows 7.1/7.1.1
EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration.
Risk: 5.4

2012-07-13 CVE-2012-2280
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."
network, low complexity, emc rsa
Risk: 5.0

2012-07-13 CVE-2012-2279 Improper Input Validation vulnerability in multiple products
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network, low complexity, emc rsa, CWE-20
Risk: 6.4

2012-07-13 CVE-2012-2278 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, emc rsa, CWE-79
Risk: 4.3

2012-07-05 CVE-2012-2281 Improper Authentication vulnerability in RSA Access Manager Agent and Access Manager Server
EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors.
high complexity, rsa, CWE-287
Risk: 6.8

2012-03-20 CVE-2012-0403 Path Traversal vulnerability in RSA Envision 4.0/4.1
Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors.
network, rsa, CWE-22
Risk: 6.3

2012-03-20 CVE-2012-0401 SQL Injection vulnerability in RSA Envision 4.0/4.1
Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, rsa, CWE-89
Risk: 6.5

2012-03-20 CVE-2012-0399 Cross-Site Scripting vulnerability in RSA Envision 4.0/4.1
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, rsa, CWE-79
Risk: 4.3

2012-01-27 CVE-2011-4143 Information Exposure vulnerability in RSA Envision 4.0/4.1
EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors.
network, low complexity, rsa, CWE-200
Risk: 5.0

2011-08-25 CVE-2011-2737 Information Exposure vulnerability in RSA Envision
RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to read arbitrary files via unspecified vectors, related to an "arbitrary file retrieval vulnerability."
network, low complexity, rsa, CWE-200
Risk: 5.0