CVE-2013-6180 Information

Description

EMC RSA Security Analytics (SA) 10.x before 10.3 and RSA NetWitness NextGen 9.8 does not ensure that SA Core requests originate from the SA REST UI which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html http://www.securitytracker.com/id/1029446