[이미지출처: Governance Risk and Compliance as a Unified and Automated Model]
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
| High Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| Back to top | ||||
| 3s-software -- codesys_gateway-server | Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. | 2013-05-23 | 10.0 | CVE-2013-2781 |
| angusj -- resource_hacker | Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable (PE) file with a resource section containing a string that has many tab or line feed characters. | 2013-05-23 | 9.3 | CVE-2012-6553 |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. | 2013-05-24 | 9.3 | CVE-2013-0986 |
| apple -- quicktime | Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file. | 2013-05-24 | 9.3 | CVE-2013-0987 |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file. | 2013-05-24 | 9.3 | CVE-2013-0988 |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file. | 2013-05-24 | 9.3 | CVE-2013-0989 |
| apple -- quicktime | Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TeXML file. | 2013-05-24 | 9.3 | CVE-2013-1015 |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding. | 2013-05-24 | 9.3 | CVE-2013-1016 |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file. | 2013-05-24 | 9.3 | CVE-2013-1017 |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. | 2013-05-24 | 9.3 | CVE-2013-1018 |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | 2013-05-24 | 9.3 | CVE-2013-1019 |
| apple -- quicktime | Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file. | 2013-05-24 | 9.3 | CVE-2013-1020 |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file. | 2013-05-24 | 9.3 | CVE-2013-1021 |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file. | 2013-05-24 | 9.3 | CVE-2013-1022 |
| freenac -- freenac | SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter. | 2013-05-23 | 7.5 | CVE-2012-6560 |
| google -- chrome | Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2013-05-22 | 7.5 | CVE-2013-2836 |
| google -- chrome | Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2013-05-22 | 7.5 | CVE-2013-2837 |
| google -- chrome | Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2013-05-22 | 7.5 | CVE-2013-2839 |
| google -- chrome | Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846. | 2013-05-22 | 7.5 | CVE-2013-2840 |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources. | 2013-05-22 | 7.5 | CVE-2013-2841 |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. | 2013-05-22 | 7.5 | CVE-2013-2842 |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data. | 2013-05-22 | 7.5 | CVE-2013-2843 |
| google -- chrome | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution. | 2013-05-22 | 7.5 | CVE-2013-2844 |
| google -- chrome | The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2013-05-22 | 7.5 | CVE-2013-2845 |
| google -- chrome | Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840. | 2013-05-22 | 7.5 | CVE-2013-2846 |
| infotecs -- vipnet_client | Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file. | 2013-05-22 | 7.2 | CVE-2013-3496 |
| turck -- bl20_programmable_gateway | TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allow remote attackers to obtain administrative access via an FTP session. | 2013-05-23 | 10.0 | CVE-2012-4697 |
| Medium Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| Back to top | ||||
| a51dev -- activecollab_chat_module | functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch. | 2013-05-23 | 6.5 | CVE-2012-6554 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0991 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0992 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0993 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0994 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0995 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0996 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0997 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0998 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0999 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1000 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1001 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1002 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1003 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1004 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1005 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1006 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1007 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1008 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1010 |
| apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1011 |
| canonical -- telepathy-idle | telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2013-05-21 | 5.8 | CVE-2007-6746 |
| cisco -- ios_xr | Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345. | 2013-05-23 | 5.0 | CVE-2013-1204 |
| elgg -- elgg | Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information. | 2013-05-23 | 4.3 | CVE-2012-6561 |
| elgg -- elgg | engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts. | 2013-05-23 | 6.8 | CVE-2012-6562 |
| elgg -- elgg | engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors. | 2013-05-23 | 4.3 | CVE-2012-6563 |
| emc -- rsa_authentication_agent | Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-05-22 | 4.3 | CVE-2013-0942 |
| emc -- celerra_control_station | EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership. | 2013-05-20 | 6.8 | CVE-2013-3270 |
| freenac -- freenac | Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php. | 2013-05-23 | 4.3 | CVE-2012-6559 |
| google -- chrome | Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2013-05-22 | 5.0 | CVE-2013-2838 |
| google -- chrome | Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors. | 2013-05-22 | 6.8 | CVE-2013-2847 |
| google -- chrome | The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors. | 2013-05-22 | 5.0 | CVE-2013-2848 |
| google -- chrome | Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. | 2013-05-22 | 4.3 | CVE-2013-2849 |
| heaventools -- pe_explorer | Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable (PE) file. | 2013-05-23 | 6.8 | CVE-2012-6558 |
| jspautsch -- firstlastnames | Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information. | 2013-05-23 | 4.3 | CVE-2012-6556 |
| microsys -- promotic | Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors. | 2013-05-23 | 5.0 | CVE-2011-4518 |
| microsys -- promotic | Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. | 2013-05-23 | 4.3 | CVE-2011-4519 |
| microsys -- promotic | Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. | 2013-05-23 | 4.3 | CVE-2011-4520 |
| openstack -- keystone | OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. | 2013-05-21 | 6.0 | CVE-2013-2059 |
| qemu -- qemu | The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files. | 2013-05-21 | 6.9 | CVE-2013-2007 |
| redhat -- enterprise_linux | rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials. | 2013-05-21 | 4.3 | CVE-2012-6137 |
| sahotataran -- latestcomment | Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title. | 2013-05-23 | 4.3 | CVE-2012-6555 |
| vercot -- serva32 | Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request. | 2013-05-20 | 5.0 | CVE-2013-0145 |
| web2py -- web2py | Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-05-22 | 4.3 | CVE-2013-2311 |
| xen -- xen | Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors. | 2013-05-21 | 6.9 | CVE-2013-1964 |
| zodiacdm -- aboutme-plugin | Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information. | 2013-05-23 | 4.3 | CVE-2012-6557 |
| Low Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| Back to top | ||||
| apple -- itunes | Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. | 2013-05-20 | 2.9 | CVE-2013-1014 |
| openstack -- devstack | OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file. | 2013-05-21 | 2.1 | CVE-2013-1977 |
| openstack -- keystone | OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file. | 2013-05-21 | 2.1 | CVE-2013-2006 |
| rsa -- authentication_agent | EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data. | 2013-05-22 | 2.1 | CVE-2013-0941 |
-원문기사 보기: US-CERT: Bulletin (SB13-147)
