Allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox.
RSA enVision Version(s): 3.x, 4.x
RSA enVision lets remote users view files and remote authenticated users obtain passwords.
Two vulnerabilities were reported in RSA enVision. A remote user can view files on the target system. A remote authenticated user can obtain administrative passwords. A remote authenticated user can view administrative credentials in Task Escalation emails [CVE-2011-2736]. Only version 4.x is affected. A remote user can view arbitrary files on the target system [CVE-2011-2737].
RSA strongly recommends that enVision customers upgrade to RSA enVision 4 SP4 P3, which contains the resolution for both issues.
To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link.