CVE-2013-6180

Published: Dec 9, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.

Affected (4)

Products: Emc: Rsa Netwitness Nextgen, Rsa Security Analytics

Emc

2 products

Rsa Netwitness Nextgen

Rsa Security Analytics

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Emc Rsa Netwitness Nextgen	Version 9.8
Emc Rsa Security Analytics	Version 10.0
Emc Rsa Security Analytics	Version 10.1
Emc Rsa Security Analytics	Version 10.2

Related CWEs

CWE-264

References (4)

http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html

Source: security_alert@emc.com

http://www.securitytracker.com/id/1029446

Source: security_alert@emc.com

http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1029446

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.