CVE-2014-0624 - OpenCVE

EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Rsa Data Loss Prevention

Configuration 1 [-]

OR	cpe:2.3:a:emc:rsa_data_loss_prevention:9.0:::::::*
	cpe:2.3:a:emc:rsa_data_loss_prevention:9.5:::::::*
	cpe:2.3:a:emc:rsa_data_loss_prevention:9.6:::::::*

No data.

References

Link	Providers
http://seclists.org/bugtraq/2014/Mar/8

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2014-03-06T11:00:00

Updated: 2024-08-06T09:20:20.046Z

Reserved: 2014-01-02T00:00:00

Link: CVE-2014-0624

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-03-06T11:55:05.177

Modified: 2014-03-07T19:17:23.473

Link: CVE-2014-0624

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-28T00:00:00", "descriptions": [{"lang": "en", "value": "EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-06T09:57:00", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "20140228 ESA-2014-003: RSA Data Loss Prevention Improper Session Management Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2014/Mar/8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2014-0624", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20140228 ESA-2014-003: RSA Data Loss Prevention Improper Session Management Vulnerability", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2014/Mar/8"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:20:20.046Z"}, "title": "CVE Program Container", "references": [{"name": "20140228 ESA-2014-003: RSA Data Loss Prevention Improper Session Management Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://seclists.org/bugtraq/2014/Mar/8"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2014-0624", "datePublished": "2014-03-06T11:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2024-08-06T09:20:20.046Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}