Vulnerability Description
EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Rsa Identity Management And Governance | 6.9.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/131710/RSA-IMG-6.9-6.9.1-Insecure-Password-
- http://seclists.org/bugtraq/2015/Apr/204
- http://www.securitytracker.com/id/1032218
- http://packetstormsecurity.com/files/131710/RSA-IMG-6.9-6.9.1-Insecure-Password-
- http://seclists.org/bugtraq/2015/Apr/204
- http://www.securitytracker.com/id/1032218
FAQ
What is CVE-2015-0532?
CVE-2015-0532 is a vulnerability with a CVSS score of 7.5 (HIGH). EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the r...
How severe is CVE-2015-0532?
CVE-2015-0532 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0532?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Rsa Identity Management And Governance.