Emc rsa Data Loss Prevention insecure session management Privilege Escalation Vulnerability

Release date:
Updated on:

Affected Systems:
EMC Data Loss pre-vention 9.6
EMC Data Loss pre-vention 9.5
EMC Data Loss pre-vention 9.0
Unaffected system:
EMC Data Loss Prevention 9.6-SP2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65914
CVE (CAN) ID: CVE-2014-0624

RSA Data Loss Prevention can detect and monitor the location and stream of sensitive Data (such as customer credit card Data, employee PII, or company intellectual property. Train End users by email, Web, PC, and smartphone, and implement control measures to prevent loss of sensitive data.

RSA Data Loss Prevention 9.0, 9.5, 9.6, 9.6 SP1 has an insecure session management mechanism, which allows users with lower permissions to access content that can be accessed by high-level users.

<* Source: EMC

Link: http://www.securityfocus.com/archive/1/531319
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

EMC
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.emc.com/products-solutions/index.htm