CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-0643

EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 78.1%

CVSS Severity

CVSS v2 Score 7.6

References

http://archives.neohapsis.com/archives/bugtraq/2014-05/0052.html
http://archives.neohapsis.com/archives/bugtraq/2014-05/0052.html

Products affected by CVE-2014-0643

Emc » Rsa Netwitness » Version: 9.8.5.17

cpe:2.3:a:emc:rsa_netwitness:9.8.5.17
Emc » Rsa Security Analytics » Version: 10.2

cpe:2.3:a:emc:rsa_security_analytics:10.2
Emc » Rsa Security Analytics » Version: 10.2.3

cpe:2.3:a:emc:rsa_security_analytics:10.2.3
Emc » Rsa Security Analytics » Version: 10.3

cpe:2.3:a:emc:rsa_security_analytics:10.3
Emc » Rsa Security Analytics » Version: 10.3.1

cpe:2.3:a:emc:rsa_security_analytics:10.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0643

Products

Pricing

Contact Us