ESA-2012-052: RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities
Tags: RSA NetWitness Platform, Security Advisories
Advisory Type
Security
Advisory Content
EMC Identifier: ESA-2012-052
CVE Identifier: CVE-2012-4608, CVE-2012-4609
Severity Rating: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Affected Products:
RSA NetWitness Informer versions prior to 2.0.5.6
Summary:
RSA NetWitness Informer web interface is susceptible to vulnerabilities that could be potentially exploited by malicious users to compromise the affected systems.
Details:
RSA NetWitness Informer web interface is susceptible to cross-site request forgery (CVE-2012-4608) and click-jacking (CVE-2012-4609) vulnerabilities. These vulnerabilities could be potentially exploited by malicious people by tricking an authenticated user into clicking specially crafted links. This may lead to execution of malicious HTML requests or scripts in the context of the authenticated user.
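As an added illustration (not RSA code and not a description of how the Informer patch works), the two server-side controls that address these issue classes, written against an assumed minimal request model (method, header dict, form dict) and an assumed deployment origin:

```python
"""Server-side mitigations for the two issue classes in ESA-2012-052:
CSRF (synchronizer token plus Origin check) and clickjacking (anti-framing
headers).  Added example, not RSA/NetWitness code; SITE_ORIGIN is assumed."""
import hmac
import secrets
from urllib.parse import urlparse

SITE_ORIGIN = "https://informer.example.internal"  # assumed deployment origin


def new_csrf_token() -> str:
    """Per-session random token kept server-side and embedded in each form."""
    return secrets.token_urlsafe(32)


def csrf_request_allowed(method: str, headers: dict, form: dict,
                         session_token: str) -> bool:
    """Decide whether a request may proceed.

    Safe methods pass (so state must never change on GET).  State-changing
    methods need (a) an Origin or Referer matching our own origin and (b) a
    form token equal to the session token, compared in constant time.  A
    crafted cross-site link or auto-submitting form satisfies neither: the
    browser attaches the victim's cookies but sends a foreign Origin and has
    no way to read the token.
    """
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True
    source = headers.get("Origin") or headers.get("Referer") or ""
    parsed = urlparse(source)
    if f"{parsed.scheme}://{parsed.netloc}" != SITE_ORIGIN:
        return False
    supplied = form.get("csrf_token", "")
    if not session_token or not supplied:
        return False
    return hmac.compare_digest(supplied.encode(), session_token.encode())


def anti_framing_headers() -> dict:
    """Response headers that stop the UI being rendered inside a hostile
    frame: X-Frame-Options for older browsers, CSP frame-ancestors for
    CSP-aware ones.  Both are needed for broad coverage."""
    return {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors 'none'",
    }
```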
Recommendation:
It is recommended that the Informer patch (v2.0.5.6) be downloaded from SCOL and installed as soon as possible.