CVE-2016-0915 - OpenCVE

The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability."

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Authentication Manager Prime

Configuration 1 [-]

OR	cpe:2.3:a:emc:authentication_manager_prime:3.0:::::::*
	cpe:2.3:a:emc:authentication_manager_prime:3.1:::::::*

No data.

References

Link	Providers
http://seclists.org/bugtraq/2016/Aug/71
http://www.securityfocus.com/bid/92394
http://www.securitytracker.com/id/1036557

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2016-08-22T10:00:00

Updated: 2024-08-05T22:38:41.049Z

Reserved: 2015-12-17T00:00:00

Link: CVE-2016-0915

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2016-08-22T10:59:00.137

Modified: 2020-08-27T18:42:46.163

Link: CVE-2016-0915

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-06T00:00:00", "descriptions": [{"lang": "en", "value": "The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a \"direct object reference vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-15T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "92394", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92394"}, {"name": "20160806 ESA-2016-070: RSA Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2016/Aug/71"}, {"name": "1036557", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036557"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2016-0915", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a \"direct object reference vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "92394", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92394"}, {"name": "20160806 ESA-2016-070: RSA Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2016/Aug/71"}, {"name": "1036557", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036557"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:38:41.049Z"}, "title": "CVE Program Container", "references": [{"name": "92394", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92394"}, {"name": "20160806 ESA-2016-070: RSA Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://seclists.org/bugtraq/2016/Aug/71"}, {"name": "1036557", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036557"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2016-0915", "datePublished": "2016-08-22T10:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-05T22:38:41.049Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:authentication_manager_prime:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "57372993-AEF4-4B95-B2DC-B8ADE4B7E83C", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:authentication_manager_prime:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3285D3F9-F55D-4D29-8400-D1A2C5F7FD78", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a \"direct object reference vulnerability.\""}, {"lang": "es", "value": "El Self-Service Portal en EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 y 3.1 en versiones anteriores a 3.1 1915.42871 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (cambio de PIN para un usuario arbitrario) a trav\u00e9s de un n\u00famero de serie de token modificado dentro de una petici\u00f3n de cambio de PIN, relacionado con una \"vulnerabilidad de referencia de objeto directo\"."}], "id": "CVE-2016-0915", "lastModified": "2020-08-27T18:42:46.163", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-22T10:59:00.137", "references": [{"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory", "VDB Entry"], "url": "http://seclists.org/bugtraq/2016/Aug/71"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92394"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036557"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}