CVE-2015-4546
RSA Certificate Manager and RSA OneStep < 6.9 - Path Traversal via KCSOSC_ERROR_PAGE Parameter
Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter.
References (3)
Core References
http://seclists.org/bugtraq/2015/Sep/135 (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
http://packetstormsecurity.com/files/133784/RSA-OneStep-6.9-Path-Traversal.html (Third Party Advisory, VDB Entry; x_refsource_misc)
http://www.securitytracker.com/id/1033671 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
Scores
EPSS: 0.0340
EPSS Percentile: 87.6%
Details
CWE: CWE-22
Status: published
Products (2)
emc/rsa_certificate_manager: < 6.9
emc/rsa_onestep: < 6.9
Published: Oct 02, 2015
Tracked Since: Feb 18, 2026