{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-04T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-06T14:57:01.000Z", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "1029446", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029446"}, {"name": "20131204 ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2013-6180", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1029446", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029446"}, {"name": "20131204 ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:29:42.994Z"}, "title": "CVE Program Container", "references": [{"name": "1029446", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029446"}, {"name": "20131204 ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2013-6180", "datePublished": "2013-12-09T18:00:00.000Z", "dateReserved": "2013-10-21T00:00:00.000Z", "dateUpdated": "2024-08-06T17:29:42.994Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_netwitness_nextgen:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "12A0654C-F8C4-4B98-99A8-68444F58F846", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_security_analytics:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C264FDBA-A31E-4453-9700-556CD5D247A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_security_analytics:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "20931B04-A6E1-4A86-8CBF-A7527FA14803", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_security_analytics:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "D982272F-FA17-48B3-81CA-5E0B40F1E9B7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent."}, {"lang": "es", "value": "EMC RSA Security Analytics (SA) 10.x anterior a 10.3, y RSA NetWitness NextGen 9.8, no asegura que las peticiones al SA Core se originen en el SA REST UI, lo que permite a atacantes remotos evitar las restricciones de acceso al enviar una solicitud Core desde una web navegador u otro agente de usuario no deseado."}], "id": "CVE-2013-6180", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-09T18:55:09.920", "references": [{"source": "security_alert@emc.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html"}, {"source": "security_alert@emc.com", "url": "http://www.securitytracker.com/id/1029446"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029446"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}