CVE-2015-4546
Summary
| CVE | CVE-2015-4546 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-10-02 02:59:00 UTC |
| Updated | 2016-12-08 18:50:00 UTC |
| Description | Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | EMC | RSA Certificate Manager | All | All | All | All |
| Application | EMC | RSA OneStep | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| RSA Certificate Manager and Registration Manager Input Validation Flaw in OneStep Component Lets Remote Users Traverse the Directory to View Files on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| RSA OneStep 6.9 Path Traversal ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| Bugtraq: ESA-2015-151: RSA® OneStep Path Traversal Vulnerability | BUGTRAQ | seclists.org | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.