RSA enVision Multiple Security Vulnerabilities
BID:52557
Info
| Bugtraq ID: | 52557 |
| Class: | Unknown |
| CVE: | CVE-2012-0399, CVE-2012-0400, CVE-2012-0401, CVE-2012-0402, CVE-2012-0403 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 19 2012 12:00AM |
| Updated: | Mar 19 2012 12:00AM |
| Credit: | Filip Palian |
| Vulnerable: | RSA Security enVision Platform 4.1 P3; RSA Security enVision Platform 4.0 SP4 P5; RSA Security enVision Platform 4.0 |
| Not Vulnerable: | RSA Security enVision Platform 4.1 P4 |
Discussion
RSA enVision is prone to multiple security vulnerabilities, including:
1. Multiple unspecified cross-site scripting vulnerabilities. (CVE-2012-0399)
2. An authentication-bypass vulnerability. (CVE-2012-0400)
3. Multiple unspecified SQL-injection vulnerabilities. (CVE-2012-0401)
4. An authentication-bypass vulnerability. (CVE-2012-0402)
5. An unspecified directory-traversal vulnerability. (CVE-2012-0403)
Attackers can exploit these issues to bypass certain security restrictions, inject malicious HTML and script code, obtain sensitive information, cause a denial-of-service condition, and modify data in the underlying database.
Exploit / POC
An attacker can use a browser to exploit these issues. In some cases, the attacker entices an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.