Information Disclosure in RSA enVision by RSA Security
CVE-2011-2736

Currently unrated

Key Information:

Vendor: Rsa
Status: Envision
Vendor: CVE Published:; 25 August 2011

What is CVE-2011-2736?

Certain versions of RSA enVision prior to the service pack 4 P3 release inadvertently expose sensitive administrative credentials in cleartext within Task Escalation email messages. This flaw allows unauthorized individuals to capture sensitive information by monitoring network traffic or accessing the mailbox of a recipient. As a result, attackers can gain unauthorized insight into administrative control, potentially compromising the security of the entire system.

References

http://www.securityfocus.com/archive/1/519395/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://securityreason.com/securityalert/8350

third-party-advisoryx_refsource_SREASON

http://www.securitytracker.com/id?1025979

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2011
Vulnerability Reserved
Jul 13, 2011

JSON

Rsa

What is CVE-2011-2736?

References

Timeline