A vulnerability has been reported in RSA Access Manager, which can be exploited by malicious people to bypass certain security restrictions.
Release Date 2012-07-05
Severity: Low
Impact
· Security Bypass
Software
· RSA Access Manager Agent 4.x
· RSA Access Manager Server 6.x
CVE Reference(s)
CVE-2012-2281
Description
The vulnerability is caused by an error in the invalidation of session tokens when a user logs out, and can be exploited to replay a session using compromised session tokens.
The vulnerability is reported in RSA Access Manager Server versions 6.0.x and 6.1 prior to 6.1 SP4 and all supported versions of RSA Access Manager Agent.
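As an added illustration of the defect class described above (example code written for this page, not RSA Access Manager's implementation), a minimal server-side session store with a logout that only clears the client cookie placed next to one that also revokes the token on the server. The store, field names and TTL are assumptions for the example:

```python
import secrets
import time


class SessionStore:
    """Server-side session store (constructed example).

    Tokens are opaque random handles; all authorization state lives on the
    server so that the server, not the client, decides when a token dies.
    """

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}  # token -> {"user": str, "expires": float}

    def login(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "expires": now + self.ttl}
        return token

    def validate(self, token, now=None):
        """Return the user bound to the token, or None if unknown/expired."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None or entry["expires"] <= now:
            self._sessions.pop(token, None)
            return None
        return entry["user"]

    def logout_vulnerable(self, token):
        # Only tells the browser to drop the cookie. The server-side entry
        # stays valid until TTL expiry, so anyone holding a copy of the
        # token can keep presenting it: this is the logout-replay defect.
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout(self, token):
        # Revoke server-side first, then tell the browser to drop the cookie.
        # A replayed token now fails validate() immediately.
        self._sessions.pop(token, None)
        return {"Set-Cookie": "session=; Max-Age=0"}
```

A detection-side check for the same defect is to log validate() successes that occur after a logout event for the same token; with the hardened logout there should be none.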
Solution
Apply hot fixes
Original Advisory
ESA-2012-026:
http://archives.neohapsis.com/archives/bugtraq/2012-07/0037.html
NOTE: The information provided is on an "as is" basis, without assurance of any kind.