CVE-2011-2733 (GCVE-0-2011-2733)
Vulnerability from cvelistv5 – Published: 2011-08-18 23:00 – Updated: 2024-08-06 23:08
VLAI
EPSS
VEX
Summary
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/49574 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/519346/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/8344 | third-party-advisoryx_refsource_SREASON |
Date Public
2011-08-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49574",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49574"
},
{
"name": "20110816 ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519346/100/0/threaded"
},
{
"name": "8344",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "49574",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49574"
},
{
"name": "20110816 ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519346/100/0/threaded"
},
{
"name": "8344",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8344"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2011-2733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49574"
},
{
"name": "20110816 ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519346/100/0/threaded"
},
{
"name": "8344",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8344"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2011-2733",
"datePublished": "2011-08-18T23:00:00.000Z",
"dateReserved": "2011-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:08:23.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2011-2733",
"date": "2026-07-17",
"epss": "0.01289",
"percentile": "0.66976"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2011-2733\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2011-08-18T23:55:00.710\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information.\"},{\"lang\":\"es\",\"value\":\"EMC RSA Adaptive Authentication On-Premise (AAOP) v6.0.2.1 SP1 Patch2, SP1 Patch3, SP2, SP2 Patch1 y Service Pack 3 no impide la reutilizaci\u00f3n de la informaci\u00f3n de autenticaci\u00f3n durante una sesi\u00f3n, lo que permite eludir las restricciones de acceso, a usuarios remotos autenticados, a trav\u00e9s de vectores relacionados con el conocimiento de la informaci\u00f3n de autenticaci\u00f3n utilizado originalmente y con informaci\u00f3n de sesi\u00f3n no especificada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:C/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.8,\"impactScore\":8.5,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F97E490D-12E8-420C-990E-2BB4B97D86D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E18C647-3264-46A0-8411-4DB02E470217\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"30CE0F82-18A5-4E1F-B096-8A85AF85F4C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"250D48AB-3B67-402F-AE85-DF8B12E10D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"504CA1D2-9915-4ABF-9D08-C8ED5F86F34A\"}]}]}],\"references\":[{\"url\":\"http://securityreason.com/securityalert/8344\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/519346/100/0/threaded\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securityfocus.com/bid/49574\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://securityreason.com/securityalert/8344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/519346/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/49574\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"Per: http://www.securityfocus.com/archive/1/archive/1/519346/100/0/threaded\\r\\n\\r\\n\\r\\nWe strongly recommend that RSA customers should obtain the following hot fixes:\\r\\n\\r\\nRSA AAOP 6.0.2.1 SP1 Patch 2 customers should obtain Hotfix 430 from SecurCare Online.\\r\\n\\r\\nRSA AAOP 6.0.2.1 SP1 Patch 3 customers should obtain Hotfix 130 from SecurCare Online.\\r\\n\\r\\nRSA AAOP 6.0.2.1 SP2 customers should obtain Hotfix 360 from SecurCare Online.\\r\\n\\r\\nRSA AAOP 6.0.2.1 SP2 Patch 1 customers should obtain Hotfix 140 from SecurCare Online.\\r\\n\\r\\nRSA AAOP 6.0.2.1 SP3 customers should obtain Hotfix 130 from SecurCare Online.\\r\\n\"}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…