CVE-2014-0624 : EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticat

EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors.

Published 2014-03-06 11:55:05

Updated 2014-03-07 19:17:23

Source Dell

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-0624

Probability of exploitation activity in the next 30 days: 0.12%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 45 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-0624

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.7	LOW	AV:A/AC:L/Au:S/C:P/I:N/A:N	5.1	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2014-0624

http://seclists.org/bugtraq/2014/Mar/8

Bugtraq: ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability

Products affected by CVE-2014-0624

EMC » Rsa Data Loss Prevention » Version: 9.6
cpe:2.3:a:emc:rsa_data_loss_prevention:9.6:*:*:*:*:*:*:*
Matching versions
EMC » Rsa Data Loss Prevention » Version: 9.5
cpe:2.3:a:emc:rsa_data_loss_prevention:9.5:*:*:*:*:*:*:*
Matching versions
EMC » Rsa Data Loss Prevention » Version: 9.0
cpe:2.3:a:emc:rsa_data_loss_prevention:9.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-0624

Exploit prediction scoring system (EPSS) score for CVE-2014-0624

CVSS scores for CVE-2014-0624

References for CVE-2014-0624

Products affected by CVE-2014-0624