Vulnerability Description
EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Rsa Netwitness Nextgen | 9.8 |
| Emc | Rsa Security Analytics | 10.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html
- http://www.securitytracker.com/id/1029446
- http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html
- http://www.securitytracker.com/id/1029446
FAQ
What is CVE-2013-6180?
CVE-2013-6180 is a vulnerability with a CVSS score of 6.8 (MEDIUM). EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended ...
How severe is CVE-2013-6180?
CVE-2013-6180 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6180?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Rsa Netwitness Nextgen, Emc Rsa Security Analytics.