SecurID Authentication Manager update for third-party components
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 19 |
| CVE-ID | CVE-2022-20785 CVE-2022-21564 CVE-2022-21560 CVE-2022-21557 CVE-2022-21548 CVE-2021-40690 CVE-2020-36518 CVE-2021-26291 CVE-2022-20770 CVE-2022-1012 CVE-2022-20771 CVE-2022-27782 CVE-2022-23308 CVE-2022-29824 CVE-2017-16932 CVE-2022-28733 CVE-2022-28734 CVE-2022-1586 CVE-2022-28748 |
| CWE-ID | CWE-401 CWE-20 CWE-200 CWE-787 CWE-346 CWE-835 CWE-303 CWE-416 CWE-190 CWE-400 CWE-191 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SecurID Authentication Manager Server applications / Directory software, identity management |
| Vendor | RSA |
Security Bulletin
This security bulletin contains information about 19 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU62798
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20785
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak when parsing HTML files. A remote attacker can pass specially crafted HTML file to the antivirus software, trigger memory leak and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU65492
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21564
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Web Services component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU65491
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21560
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Core component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU65490
Risk: Low
CVSSv4.0: 3.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21557
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Web Container component in Oracle WebLogic Server. A local privileged user can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU65488
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21548
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
The vulnerability exists due to improper input validation within the Core component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to manipulate or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU58198
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-40690
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. A remote attacker can abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds write
EUVDB-ID: #VU61799
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-36518
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger out-of-bounds write and cause a denial of service condition on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Origin validation error
EUVDB-ID: #VU62492
Risk: High
CVSSv4.0: 8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-26291
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to Apache Maven follows by default all repositories that are defined in a dependency’s Project Object Model (pom), including repositories accessible over HTTP protocol (e.g. without TLS encryption). A remote attacker can perform MitM attack and compromise the application.
Install update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Infinite loop
EUVDB-ID: #VU62800
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20770
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the CHM file parser. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory leak
EUVDB-ID: #VU64079
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1012
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient randomization in the net/ipv4/tcp.c when calculating port offsets in Linux kernel cause by small table perturb size. A remote attacker can cause memory leak and gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Infinite loop
EUVDB-ID: #VU62802
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20771
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the TIFF file parser. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Incorrect Implementation of Authentication Algorithm
EUVDB-ID: #VU63009
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-27782
CWE-ID:
CWE-303 - Incorrect Implementation of Authentication Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.
Install update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU60922
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-23308
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing ID and IDREF attributes in valid.c. A remote attacker can pass specially crafted XML input to the application, trigger a use-after-free error and crash the application or execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Integer overflow
EUVDB-ID: #VU62741
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-29824
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). A remote attacker can pass specially crafted multi-gigabyte XML file to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Resource exhaustion
EUVDB-ID: #VU9542
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-16932
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in parser.c function due to improper handling of certain parameter entities. A remote attacker can supply specially constructed XML data, trigger resource exhaustion and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Integer underflow
EUVDB-ID: #VU64062
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28733
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer underflow when processing IP packets within the grub_net_recv_ip4_packets() function. A remote attacker can send specially crafted network traffic to the affected system, trigger an integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds write
EUVDB-ID: #VU64063
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-28734
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing split HTTP headerst. A remote attacker can send specially crafted traffic to the affected system, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU63945
Risk: Medium
CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1586
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary condition in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds read error, gain access to sensitive information or perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory leak
EUVDB-ID: #VU63419
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-28748
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due memory leak when working with ax88179_178a devices. An attacker with physical access to the system can inject a malicious USB-drive and remotely obtain data from kernel memory.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecurID Authentication Manager: 8.6 - 8.7
CPE2.3- cpe:2.3:a:rsa:securid_authentication_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 1:*:*:*:*:*:*
- cpe:2.3:a:rsa:securid_authentication_manager:8.6:Patch 2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
