EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.
AV:N/AC:M/Au:N/C:P/I:P/A:PEmc Rsa Netwitness Nextgen
APPEmc9.8Emc Rsa Security Analytics
APPEmc10.010.110.2
Related vulnerabilities
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vul...
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Ker...
EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability...
Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to impro...
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnera...