CVE-2012-0403

2012-03-20 16:55:00 2017-12-06 03:29:01

Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors.

Vector

NETWORK

Complexity

MEDIUM

Authentication

SINGLE_INSTANCE

Confidentiality

COMPLETE

Integrity

NONE

Availability

NONE

RSA enVision 4.1 RSA enVision 4.0 Service Pack 4 RSA enVision 4.0 Service Pack 3 RSA enVision 4.0 Service Pack 2 RSA enVision 4.0 Service Pack 1

Rsa - Envision

Advisory	Patch	Confirmed	Link
			envision-unspec-dir-traversal(74139)
			52557
			1026819
			20120318 ESA-2012-014: RSA enVision Multiple Vulnerabili...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)

Related CAPEC 7 Relative Path Traversal (CAPEC-ID 139) Directory Traversal (CAPEC-ID 213) File System Function Injection, Content Based (CAPEC-ID 23) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) Manipulating Input to File System Calls (CAPEC-ID 76) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79)