CVE-2012-2281

Published: Jul 5, 2012Modified: Apr 29, 2026

6.8

Vector

AV:A/AC:H/Au:N/C:C/I:C/A:C

Exploitability: 3.2 / Impact: 10.0

Source: NVD

Description

EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors.

Affected (6)

Products: Rsa: Access Manager Agent, Access Manager Server

Rsa

2 products

Access Manager Agent

Access Manager Server

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Rsa Access Manager Agent	All versions
Rsa Access Manager Server	Version 6.0
Rsa Access Manager Server	Version 6.1
Rsa Access Manager Server	Version 6.1 sp1
Rsa Access Manager Server	Version 6.1 sp2
Rsa Access Manager Server	Version 6.1 sp3

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://archives.neohapsis.com/archives/bugtraq/2012-07/0037.html

Source: security_alert@emc.com

http://www.securitytracker.com/id?1027220

Source: security_alert@emc.com

http://archives.neohapsis.com/archives/bugtraq/2012-07/0037.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1027220

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.