Published: 22/08/2016 Updated: 16/08/2017
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Vulnerability Summary

The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 prior to 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability."

Affected Products

Vendor Product Versions
EmcAuthentication Manager Prime Self-service3.0, 3.1