CVE-2012-2281
RSA Access Manager Agent and Server - Improper Session Token Validation
Title source: llmDescription
EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors.
References (2)
Core 2
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-07/0037.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027220
Scores
EPSS
0.0068
EPSS Percentile
47.8%
Details
CWE
CWE-287
Status
published
Products (3)
rsa/access_manager_agent
rsa/access_manager_server
6.0
rsa/access_manager_server
6.1 (4 CPE variants)
Published
Jul 05, 2012
Tracked Since
Feb 18, 2026