
U-090: RSA enVision Discloses Environment Variable Information to Remote Users

January 27, 2012 - 6:00am


PROBLEM:

A vulnerability was reported in RSA enVision.

PLATFORM:

Version(s): 4.0 prior to 4.0 SP4 P5, 4.1 prior to 4.1 P3

ABSTRACT:

A remote user can view potentially sensitive data on the target system.

REFERENCE LINKS:

CVE-2011-4143
SecurityTracker Alert ID: 1026591
Secunia Advisory

IMPACT ASSESSMENT:

Medium

Discussion:

The security issue is caused by the application disclosing, via the web interface, certain environment variables that contain web system setup information. Further information about this resolution and other fixes can be found in the Release Notes associated with RSA enVision 4.1, Patch 3 and enVision V4.0 Service Pack 4 Patch 5.

Impact:

Exposure of sensitive information

Solution:

Update to version 4.1 Patch 3 or 4.0 Service Pack 4 Patch.
