Vulnerability Details : CVE-2019-3711
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks.
Products affected by CVE-2019-3711
- cpe:2.3:a:rsa:authentication_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_authentication_manager:8.4:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-3711
- 1.00%: Probability of exploitation activity in the next 30 days
- ~75%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-3711
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
5.8 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N | 1.3 | 4.0 | Dell | |
References for CVE-2019-3711
- http://www.securityfocus.com/bid/107210
  EMC RSA Authentication Manager CVE-2019-3711 Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)
- https://seclists.org/fulldisclosure/2019/Mar/5
  Full Disclosure: DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability (Mailing List; Third Party Advisory)