製品・ソフトウェアに関する情報

JVN脆弱性詳細

EMC RSA Key Manager (RKM) Appliance における任意のコードを実行される脆弱性

Title	EMC RSA Key Manager (RKM) Appliance における任意のコードを実行される脆弱性
Summary	EMC RSA Key Manager (RKM) Appliance は、Firefox が使用される際に、ログアウト時のユーザセッションを適切に終了しないため、任意のコードを実行される脆弱性が存在します。
Possible impacts	第三者により、無人のワークステーションを介して、任意のコードを実行される可能性があります。
Solution	ベンダ情報及び参考情報を参照して適切な対策を実施してください。
Publication Date	Nov. 9, 2011, midnight
Registration Date	Nov. 14, 2011, 3:47 p.m.
Last Update	Nov. 14, 2011, 3:47 p.m.

Affected System

Mozilla Foundation

Mozilla Firefox 4.x

Mozilla Firefox 5.0

DELL EMC (旧 EMC Corporation)

EMC RSA Key Manager Appliance 2.7.1.6 未満の 2.7 SP1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-2740	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2740
National Vulnerability Database (NVD)
2	CVE-2011-2740	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2740

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

Change Log

No	Changed Details	Date of change
0	[2011年11月14日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-2740

Summary	EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.
Publication Date	Nov. 10, 2011, 8:55 a.m.
Registration Date	Jan. 28, 2021, 4:39 p.m.
Last Update	Nov. 21, 2024, 10:28 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:h:emc:rsa_key_manager_appliance:2.7:sp1::::::
execution environment
1	cpe:2.3:a:mozilla:firefox:4.0:beta6::::::
2	cpe:2.3:a:mozilla:firefox:4.0:beta1::::::
3	cpe:2.3:a:mozilla:firefox:4.0:beta9::::::
4	cpe:2.3:a:mozilla:firefox:4.0:beta5::::::
5	cpe:2.3:a:mozilla:firefox:4.0:beta8::::::
6	cpe:2.3:a:mozilla:firefox:4.0:beta12::::::
7	cpe:2.3:a:mozilla:firefox:4.0:beta3::::::
8	cpe:2.3:a:mozilla:firefox:4.0:beta2::::::
9	cpe:2.3:a:mozilla:firefox:4.0:beta4::::::
10	cpe:2.3:a:mozilla:firefox:4.0:beta10::::::
11	cpe:2.3:a:mozilla:firefox:4.0:::::::*
12	cpe:2.3:a:mozilla:firefox:4.0:beta11::::::
13	cpe:2.3:a:mozilla:firefox:4.0:beta7::::::
14	cpe:2.3:a:mozilla:firefox:4.0.1:::::::*
15	cpe:2.3:a:mozilla:firefox:5.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://securityreason.com/securityalert/8529
2	http://www.securityfocus.com/archive/1/520381
3	http://www.securitytracker.com/id?1026276
4	http://securityreason.com/securityalert/8529
5	http://www.securitytracker.com/id?1026276
6	http://www.securityfocus.com/archive/1/520381

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

Configuration1		or higher	or less	more than	less than
cpe:2.3:h:emc:rsa_key_manager_appliance:2.7:sp1::::::
execution environment
1	cpe:2.3:a:mozilla:firefox:4.0:beta6::::::
2	cpe:2.3:a:mozilla:firefox:4.0:beta1::::::
3	cpe:2.3:a:mozilla:firefox:4.0:beta9::::::
4	cpe:2.3:a:mozilla:firefox:4.0:beta5::::::
5	cpe:2.3:a:mozilla:firefox:4.0:beta8::::::
6	cpe:2.3:a:mozilla:firefox:4.0:beta12::::::
7	cpe:2.3:a:mozilla:firefox:4.0:beta3::::::
8	cpe:2.3:a:mozilla:firefox:4.0:beta2::::::
9	cpe:2.3:a:mozilla:firefox:4.0:beta4::::::
10	cpe:2.3:a:mozilla:firefox:4.0:beta10::::::
11	cpe:2.3:a:mozilla:firefox:4.0:::::::*
12	cpe:2.3:a:mozilla:firefox:4.0:beta11::::::
13	cpe:2.3:a:mozilla:firefox:4.0:beta7::::::
14	cpe:2.3:a:mozilla:firefox:4.0.1:::::::*
15	cpe:2.3:a:mozilla:firefox:5.0:::::::*