certfr_avis - certa-2012-avi-044

CERTA-2012-AVI-044

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans RSA enVision et permet à un utilisateur malintentionné de porter atteinte à la confidentialité des données.

Description

Une vulnérabilité a été corrigée dans RSA enVision. Elle permet à un utilisateur non authentifié de récupérer des informations de configuration du système.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

RSA enVision 4.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité ESA-2012-007 du 25 janvier 2012	None	vendor-advisory
Bulletin de sécurité RSA ESA-2012-007 du 25 janvier 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eRSA enVision 4.x.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans RSA enVision. Elle permet \u00e0 un\nutilisateur non authentifi\u00e9 de r\u00e9cup\u00e9rer des informations de\nconfiguration du syst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4143"
    }
  ],
  "initial_release_date": "2012-01-31T00:00:00",
  "last_revision_date": "2012-01-31T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RSA ESA-2012-007 du 25 janvier 2012 :",
      "url": "http://seclists.org/bugtraq/2012/Jan/att-164/ESA-2012-007.txt"
    }
  ],
  "reference": "CERTA-2012-AVI-044",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-01-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans RSA enVision et permet \u00e0 un\nutilisateur malintentionn\u00e9 de porter atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans RSA enVision",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ESA-2012-007 du 25 janvier 2012",
      "url": null
    }
  ]
}

CVE-2011-4143 (GCVE-0-2011-4143)

Vulnerability from cvelistv5

Published

2012-01-27 00:00

Modified

2024-09-16 22:25

Severity ?

CWE

Summary

EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors.

References

URL

Tags

http://www.securityfocus.com/archive/1/521375

mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:01:50.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20120126 ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/521375"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-27T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20120126 ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/521375"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-4143",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20120126 ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/521375"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-4143",
    "datePublished": "2012-01-27T00:00:00.000Z",
    "dateReserved": "2011-10-19T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:25:06.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTA-2012-AVI-044

Vulnerability from certfr_avis

Description

Solution

CVE-2011-4143 (GCVE-0-2011-4143)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature