CVE-2015-0532 — RSA Identity Management AND Governance vulnerability

CWE-2643 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 33.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

EMC RSA Identity Management AND Governance

Timeline

PublishedMay 1

Latest updateMay 17

Description

EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDemc/rsa_identity_management_and_governance6.9.0, 6.9.1+1

🔴Vulnerability Details

GHSA

GHSA-57qg-mx7w-vwgp: EMC RSA Identity Management and Governance (IMG) 6↗2022-05-17

▶

CVEList

CVE-2015-0532: EMC RSA Identity Management and Governance (IMG) 6↗2015-05-01

▶