CVE-2019-3711

{"id": "CVE-2019-3711", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.3}]}, "published": "2019-03-13T21:29:00.353", "references": [{"url": "http://www.securityfocus.com/bid/107210", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "https://seclists.org/fulldisclosure/2019/Mar/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks."}, {"lang": "es", "value": "RSA Authentication Manager, en CVErsiones anteriores a la 8.4 P1, contiene una vulnerabilidad de gesti\u00f3n insegura de credenciales. Un administrador malicioso de la consola de operaciones podr\u00eda ser capaz de obtener el valor de una contrase\u00f1a de dominio que hab\u00eda sido establecida por otro administrador de la consola de operaciones y emplearla para ataques."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_authentication_manager:8.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF61F8BF-7483-4A81-9219-EE2465D48182"}, {"criteria": "cpe:2.3:a:rsa:authentication_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CD5FF51-B834-4181-B635-BCF6CF616CCD", "versionEndExcluding": "8.4"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}