
T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password

August 29, 2011 - 3:45am


PROBLEM:

Allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox.

PLATFORM:

RSA enVision Version(s): 3.x, 4.x

ABSTRACT:

RSA enVision lets remote users view files and remote authenticated users obtain passwords.

REFERENCE LINKS:

SecurityTracker Alert ID: 1025979
CVE-2011-2736
CVE-2011-2737
RSA enVision
Product Security

IMPACT ASSESSMENT:

Medium

Discussion:

Two vulnerabilities were reported in RSA enVision. A remote user can view files on the target system. A remote authenticated user can obtain administrative passwords. A remote authenticated user can view administrative credentials in Task Escalation emails [CVE-2011-2736]. Only version 4.x is affected. A remote user can view arbitrary files on the target system [CVE-2011-2737].

Impact:

A remote user can view files on the target system. A remote authenticated user can obtain administrative passwords.

Solution:

RSA strongly recommends that enVision customers upgrade to RSA enVision 4 SP4 P3, which contains the resolution for both issues.

To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link.

 
