CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-1234

RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.7%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 2.1

References

http://seclists.org/fulldisclosure/2018/Mar/60
http://www.securitytracker.com/id/1040577
http://seclists.org/fulldisclosure/2018/Mar/60
http://www.securitytracker.com/id/1040577

Products affected by CVE-2018-1234

Rsa » Authentication Agent For Web » Version: 8.0

cpe:2.3:a:rsa:authentication_agent_for_web:8.0
Rsa » Authentication Agent For Web » Version: 8.0.1

cpe:2.3:a:rsa:authentication_agent_for_web:8.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1234

Products

Pricing

Contact Us