CVE-2013-6180
RSA Security Analytics 10.x < 10.3 and RSA NetWitness NextGen 9.8 - Unauthenticated Access Bypass via SA Core Request
Title source: llmDescription
EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029446
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html
Scores
EPSS
0.0022
EPSS Percentile
45.1%
Details
CWE
CWE-264
Status
published
Products (4)
emc/rsa_netwitness_nextgen
9.8
emc/rsa_security_analytics
10.0
emc/rsa_security_analytics
10.1
emc/rsa_security_analytics
10.2
Published
Dec 09, 2013
Tracked Since
Feb 18, 2026