Session Replay Vulnerability in EMC RSA Access Manager Server and Agent
CVE-2012-2281
Currently unrated
What is CVE-2012-2281?
EMC RSA Access Manager Server versions prior to 6.1 SP4 and the RSA Access Manager Agent contain a critical flaw: they do not properly validate session tokens after logout. A remote attacker may be able to replay such a session token and gain unauthorized access to the user's session. The attack vectors are unspecified. The issue underlines the need for robust session management to mitigate this risk.