CVE-2011-2740

EMC RSA Key Manager Appliance 2.7 SP1 - Session Fixation via Firefox Logout Handling

Title source: llm
STIX 2.1

Description

EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8529
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520381
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026276

Scores

EPSS 0.0272
EPSS Percentile 86.1%

Details

CWE
CWE-264
Status published
Products (1)
emc/rsa_key_manager_appliance 2.7 sp1
Published Nov 09, 2011
Tracked Since Feb 18, 2026