Security Advisories
Credits:
RSA would like to thank Filip Palian for reporting issues under
CVE-2012-0399, CVE-2012-0400, CVE-2012-0401 and CVE-2012-0402.
For more information on CVSS scoring, please see the Knowledge Base Article, "Security Advisories Severity Rating" at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
Customers using RSA Authentication Client and PKCS#11 to store SENSITIVE and NON-EXTRACTABLE secret key objects on RSA SecurID 800 authenticators should upgrade to RSA Authentication Client 3.5.3 as soon as possible. Customers using RSA Authentication Client and the RSA SecurID 800 authenticator for any other purposes are not impacted by this announcement and do not need to upgrade at this time.
Common Vulnerability Scoring System (CVSS) Base Score:
The Common Vulnerability Scoring System (CVSS) score for the item identified in this advisory is 1.5 (AV:L/AC:M/Au:S/C:P/I:N/A:N). For more information on CVSS scoring, please see the Knowledge Base Article, "Security Advisories Severity Rating" at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Credits:
RSA would like to thank Graham Steele, LSV, INRIA & CNRS & ENS-Cachan as well as Matteo Bortolozzo, Matteo Centenaro and Riccardo Focardi, Universita Ca'Foscari for reporting this issue.
CVE-2011-2737: CVSSv2 Base Score is 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
For more information on CVSS scoring, please see the Knowledge Base Article, "Security Advisories Severity Rating" at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Obtaining Downloads:
Common Vulnerability Scoring System (CVSS) Score:
The Common Vulnerability Scoring System (CVSS) base score for the items identified in this advisory is 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N). EMC recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
For more information on CVSS scoring, please see the Knowledge Base Article, “Security Advisories Severity Rating” at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Credit:
Common Vulnerability Scoring System (CVSS) Base Score:
The Common Vulnerability Scoring System (CVSS) Base Score for the items identified in this advisory is: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C). RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
For more information on CVSS scoring, please see the Knowledge Base Article, “Security Advisories Severity Rating” at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Obtaining Documentation:
• Security Hot fix RSA Access Manager Agent hot fix 4.7.1.7 or greater
This security hot fix for RSA Access Manager Agent is available immediately. As of the date of this RSA SecurCare® Online Security Advisory, RSA is not aware of any security breaches that have occurred as a result of this vulnerability.
Common Vulnerability Scoring System (CVSS) Base Score is 5.7 (AV:A/AC:M/Au:N/C:C/I:N/A:N). For more information on CVSS scoring, please see the Knowledge Base Article, “Security Advisories Severity Rating” at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Obtaining Documentation:
To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.
Common Vulnerability Scoring System (CVSS) Base Score:
The Common Vulnerability Scoring System (CVSS) Base Score for the items identified in this advisory is: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N). EMC recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
For more information on CVSS scoring, please see the Knowledge Base Article, "Security Advisories Severity Rating" at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Obtaining Downloads:
Common Vulnerability Scoring System (CVSS) Base Score:
The Common Vulnerability Scoring System (CVSS) base score for the items identified in this advisory is 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P). RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
For more information on CVSS scoring, please see the Knowledge Base Article, “Security Advisories Severity Rating” at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Obtaining Downloads:
5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
For more information on CVSS scoring, please see the Knowledge Base Article, "Security Advisories Severity Rating" at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Obtaining Downloads:
Common Vulnerability Scoring System (CVSS) Base Score:
The Common Vulnerability Scoring System (CVSS) base score for the items identified in this advisory is 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P). RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
For more information on CVSS scoring, please see the Knowledge Base Article, "Security Advisories Severity Rating" at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Obtaining Downloads:
Common Vulnerability Scoring System (CVSS) Base Score:
The Common Vulnerability Scoring System (CVSS) Base Score for the items identified in this advisory is 4.8 (AV:L/AC:M/Au:M/C:N/I:P/A:C). For more information on CVSS scoring, please see the Knowledge Base Article, "Security Advisories Severity Rating" at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Affected Products:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details.
http://www.rsa.com/node.aspx?id=2575
SecurCare Online Security Advisories
RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Common Vulnerability Scoring System (CVSS) Base Score:
The Common Vulnerability Scoring System (CVSS) Base Score for the items identified in this advisory is: 7.5 (AV:N/AC:M/Au:S/C:C/I:P/A:P). RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
For more information on CVSS scoring, please see the Knowledge Base Article, “Security Advisories Severity Rating” at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Obtaining Downloads:
Common Vulnerability Scoring System (CVSS) Base Score:
The Common Vulnerability Scoring System (CVSS) Base Score for the items
identified in this advisory is 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N).
For more information on CVSS scoring, please see the Knowledge Base
Article, “Security Advisories Severity Rating” at
https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Credits:
RSA would like to thank Tim Brown of Portcullis Computer Security Ltd for
reporting this issue.
Common Vulnerability Scoring System (CVSS) Score:
The Common Vulnerability Scoring System (CVSS) base score for the items identified in this advisory is 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N). EMC recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
For more information on CVSS scoring, please see the Knowledge Base Article, "Security Advisories Severity Rating" at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Credit:
• Security Hot fix # 6.1.2.01 for RSA Access Manager Server version 6.1
The security hot fixes for RSA Access Manager Servers are available immediately. As of the date of this RSA SecurCare® Online Security Advisory, RSA is not aware of any security breaches that have occurred as a result of this vulnerability.
Common Vulnerability Scoring System (CVSS) Base Score is 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N). For more information on CVSS scoring, please see the Knowledge Base Article, “Security Advisories Severity Rating” at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Obtaining Documentation:
Common Vulnerability Scoring System (CVSS) Base Score:
The Common Vulnerability Scoring System (CVSS) Base Score for the items identified in this advisory is 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P). For more information on CVSS scoring, please see the Knowledge Base Article, "Security Advisories Severity Rating" at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
The Common Vulnerability Scoring System (CVSS) Base Score for the items identified in this advisory is 4 (AV:N/AC:L/Au:N/C:P/I:P/A:P). For more information on CVSS scoring, please see the Knowledge Base Article, "Security Advisories Severity Rating" at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
CVE-2011-2741: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
For more information on CVSS scoring, please see the Knowledge Base Article, “Security Advisories Severity Rating” at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Obtaining Downloads:
Common Vulnerability Scoring System (CVSS) Base Score:
The Common Vulnerability Scoring System (CVSS) Base Score for CVE-2011-4141 is: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C). RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
For more information on CVSS scoring, please see the Knowledge Base Article, “Security Advisories Severity Rating” at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Credits:
This advisory is posted at the following link
http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml
Note: The March 25, 2009, Cisco IOS Security Advisory bundled
publication includes eight Security Advisories. All of the advisories
address vulnerabilities in Cisco IOS Software. Each advisory lists
the releases that correct the vulnerability or vulnerabilities in the
advisory. The following table lists releases that correct all Cisco
IOS Software vulnerabilities that have been published in Cisco
Security Advisories on March 25, 2009, or earlier.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml
Note: The March 25, 2009, Cisco IOS Security Advisory bundled
publication includes eight Security Advisories. All of the advisories
address vulnerabilities in Cisco IOS Software. Each advisory lists
the releases that correct the vulnerability or vulnerabilities in the
advisory. The following table lists releases that correct all Cisco
IOS Software vulnerabilities that have been published in Cisco
Security Advisories on March 25, 2009, or earlier.
This advisory is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml
Note: The March 25, 2009, Cisco IOS Security Advisory bundled
publication includes eight Security Advisories. All of the advisories
address vulnerabilities in Cisco IOS Software. Each advisory lists
the releases that correct the vulnerability or vulnerabilities in the
advisory. The following table lists releases that correct all Cisco
IOS Software vulnerabilities that have been published in Cisco
Security Advisories on March 25, 2009, or earlier.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml
Note: The March 25, 2009, Cisco IOS Security Advisory bundled
publication includes eight Security Advisories. All of the advisories
address vulnerabilities in Cisco IOS Software. Each advisory lists
the releases that correct the vulnerability or vulnerabilities in the
advisory. The following table lists releases that correct all Cisco
IOS Software vulnerabilities that have been published in Cisco
Security Advisories on March 25, 2009, or earlier.
This advisory is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml
Note: The March 25, 2009, Cisco IOS Security Advisory bundled
publication includes eight Security Advisories. All of the advisories
address vulnerabilities in Cisco IOS Software. Each advisory lists
the releases that correct the vulnerability or vulnerabilities in the
advisory. The following table lists releases that correct all Cisco
IOS Software vulnerabilities that have been published in Cisco
Security Advisories on March 25, 2009, or earlier.
More Detailed Information:
More details, slides and tools are available here:
http://www.mulliner.org/nfc/
Security Advisories:
http://mulliner.org/security/advisories/
--- END ADVISORY ---
Credits:
EMC would like to thank Sebastian Apelt (www.siberas.de) working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com) for reporting these issues.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected EMC products important security information. EMC recommends all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
EMC Product Security Response Center
Security_Alert@EMC.com
http://www.emc.com/contact-us/contact/product-security-response-center.htm
ACROS Security PGP Key
http://www.acrossecurity.com/pgpkey.asc
[Fingerprint: FE9E 0CFB CE41 36B0 4720 C4F1 38A3 F7DD]
ACROS Security Advisories
http://www.acrossecurity.com/advisories.htm
ACROS Security Papers
http://www.acrossecurity.com/papers.htm
Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.
EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected EMC products important security information. EMC recommends all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
EMC Product Security Response Center
Security_Alert@EMC.com
http://www.emc.com/contact-us/contact/product-security-response-center.htm
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipsla.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Nine of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities