Vulnerability Details: CVE-2012-0400
EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2012-0400
- cpe:2.3:a:rsa:envision:4.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:rsa:envision:4.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:rsa:envision:4.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:rsa:envision:4.0:sp4:*:*:*:*:*:*
- cpe:2.3:a:rsa:envision:4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0400
- 1.11%: Probability of exploitation activity in the next 30 days
- ~83%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0400
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.9 | HIGH | AV:A/AC:M/Au:N/C:C/I:C/A:C | 5.5 | 10.0 | NIST | |
CWE ids for CVE-2012-0400
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0400
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html
- http://www.securitytracker.com/id?1026819
  RSA enVision Bugs Permit Cross-Site Scripting, SQL Injection, and Directory Traversal Attacks - SecurityTracker
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74140
  RSA enVision excessive authentication attempts brute force CVE-2012-0400 Vulnerability Report
- http://www.securityfocus.com/bid/52557
  RSA enVision Multiple Security Vulnerabilities