Main Vulnerability Database SB2014051603

SB2014051603 - Improper Authentication in Dell RSA Security Analytics

Published: May 16, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014051603

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authentication (CVE-ID: CVE-2014-0643)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.

Remediation

Install update from vendor's website.

References

http://archives.neohapsis.com/archives/bugtraq/2014-05/0052.html