Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-4143

Medium

5/10

Summary

EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-200 - Information Exposure

An information exposure vulnerability is categorized as an information flow (IF) weakness, which can potentially allow unauthorized access to otherwise classified information in the application, such as confidential personal information (demographics, financials, health records, etc.), business secrets, and the application's internal environment.

References

Advisory Timeline

Published Jan 27, 2012

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-4143

Summary

CWE-200 - Information Exposure

References

Advisory Timeline

ChainAlert

ChainJacking

CuteBoi