CVE-2014-4619 — Improper Authentication in RSA Identity Management AND Governance

CWE-287 — Improper Authentication3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

1.6%

top 18.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

EMC RSA Identity Management AND Governance

Timeline

PublishedAug 28

Latest updateMay 17

Description

EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDemc/rsa_identity_management_and_governance5 versions+4

🔴Vulnerability Details

GHSA

GHSA-6537-8cc4-v46v: EMC RSA Identity Management and Governance (IMG) 6↗2022-05-17

▶

CVEList

CVE-2014-4619: EMC RSA Identity Management and Governance (IMG) 6↗2014-08-28

▶