Improper Authentication in RSA Identity Management and Governance - CVE-2014-4619
Published: August 28, 2014 / Updated: August 10, 2020
Vulnerability identifier: #VU41364
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2014-4619
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: RSA
Affected software:
RSA Identity Management and Governance
RSA Identity Management and Governance
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username.
How to mitigate CVE-2014-4619
Install update from vendor's website.
Sources
- http://archives.neohapsis.com/archives/bugtraq/2014-08/0133.html
- http://packetstormsecurity.com/files/128005/RSA-Identity-Management-And-Governance-Authentication-Bypass.html
- http://secunia.com/advisories/60281
- http://www.securityfocus.com/bid/69411
- http://www.securitytracker.com/id/1030759
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95483