RSA enVision Environmental Variable Information Disclosure Vulnerability

Bugtraq ID:	51682
Class:	Input Validation Error
CVE:	CVE-2011-4143
Remote:	Yes
Local:	No
Published:	Jan 26 2012 12:00AM
Updated:	Jan 26 2012 12:00AM
Credit:	Reported by the vendor
Vulnerable:	RSA Security enVision Platform 3.7 SP1 RSA Security enVision Platform 3.7 RSA Security enVision Platform 3.5.2 RSA Security enVision Platform 3.5.1 RSA Security enVision Platform 3.5 RSA Security enVision Platform 4.0 RSA Security enVision Platform 3.7 SP 1
Not Vulnerable:	RSA Security enVision Platform 4.1 P3 RSA Security enVision Platform 4.0 SP4 P5

RSA enVision Environmental Variable Information Disclosure Vulnerability

RSA enVision is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

Attackers can exploit these issues to gain access to sensitive information. Information obtained may aid in further attacks.

RSA enVision versions 4.x are vulnerable.

RSA enVision Environmental Variable Information Disclosure Vulnerability

Attackers can use readily available tools to exploit these issues.

RSA enVision Environmental Variable Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references for more information.

RSA enVision Environmental Variable Information Disclosure Vulnerability

References:

• enVision Homepage (RSA)