CVE-2019-3711 - Vulnerability Details - OpenCVE

RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.01165.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Rsa Authentication Manager
Rsa	Authentication Manager

Configuration 1 [-]

OR	cpe:2.3:a:emc:rsa_authentication_manager:8.4:-::::::
	cpe:2.3:a:rsa:authentication_manager::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2019-13346	RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securityfocus.com/bid/107210
https://seclists.org/fulldisclosure/2019/Mar/5

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2019-03-13T22:00:00Z

Updated: 2024-09-16T20:17:34.908Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3711

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-03-13T21:29:00.353

Modified: 2024-11-21T04:42:22.957

Link: CVE-2019-3711

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "RSA Authentication Manager", "vendor": "Dell", "versions": [{"lessThan": "P1", "status": "affected", "version": "8.4", "versionType": "custom"}]}], "datePublic": "2019-02-28T00:00:00", "descriptions": [{"lang": "en", "value": "RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "insecure credential management", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-14T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "20190228 DSA-2019-038: RSA Authentication Manager Insecure Credential Management Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "https://seclists.org/fulldisclosure/2019/Mar/5"}, {"name": "107210", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107210"}], "source": {"discovery": "UNKNOWN"}, "title": "DSA-2019-038: RSA\u00ae Authentication Manager Insecure Credential Management Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2019-02-28T05:00:00.000Z", "ID": "CVE-2019-3711", "STATE": "PUBLIC", "TITLE": "DSA-2019-038: RSA\u00ae Authentication Manager Insecure Credential Management Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RSA Authentication Manager", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "8.4", "version_value": "P1"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "insecure credential management"}]}]}, "references": {"reference_data": [{"name": "20190228 DSA-2019-038: RSA Authentication Manager Insecure Credential Management Vulnerability", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2019/Mar/5"}, {"name": "107210", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107210"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:19:17.488Z"}, "title": "CVE Program Container", "references": [{"name": "20190228 DSA-2019-038: RSA Authentication Manager Insecure Credential Management Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "https://seclists.org/fulldisclosure/2019/Mar/5"}, {"name": "107210", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107210"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2019-3711", "datePublished": "2019-03-13T22:00:00Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T20:17:34.908Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_authentication_manager:8.4:-:*:*:*:*:*:*", "matchCriteriaId": "EF61F8BF-7483-4A81-9219-EE2465D48182", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsa:authentication_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CD5FF51-B834-4181-B635-BCF6CF616CCD", "versionEndExcluding": "8.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks."}, {"lang": "es", "value": "RSA Authentication Manager, en CVErsiones anteriores a la 8.4 P1, contiene una vulnerabilidad de gesti\u00f3n insegura de credenciales. Un administrador malicioso de la consola de operaciones podr\u00eda ser capaz de obtener el valor de una contrase\u00f1a de dominio que hab\u00eda sido establecida por otro administrador de la consola de operaciones y emplearla para ataques."}], "id": "CVE-2019-3711", "lastModified": "2024-11-21T04:42:22.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-13T21:29:00.353", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107210"}, {"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2019/Mar/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2019/Mar/5"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}