CVE-2018-1234 Vulnerability Details

  /     /     /  

CVE-2018-1234 Metadata Quick Info

CVE Published: 30/03/2018 | CVE Updated: 16/09/2024 | CVE Year: 2018
Source: dell | Vendor: Dell EMC | Product: RSA Authentication Agent for Web for IIS
Status : PUBLISHED

---

CVE-2018-1234 Description

RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Sensitive Information Disclosure Vulnerability
Source: Dell EMC

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).