Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows privileged local users to hide malicious Certificate Authority (CA) activities by modifying CA auditor logs without detection by (1) modifying or deleting a <LOG BLOCK> and its signature from the XML log in a way that is not detected by the integrity check function that operates on the entire pool, or (2) modifying entries in the live log file, which is only signed during rotation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RSA Keon CA日志文件验证绕过漏洞
Vulnerability Description
RSA Keon证书管理中心(CA)软件是行业领先的数字证书管理系统。 RSA Keon Certificate Authority Manager的日志验证函数中存在几个漏洞,允许CA管理员或任何访问CA服务器的本地管理用户操控记录过程,掩饰其行为。 1 默认下Keon将xml日志以以下格式储存在C:\Program Files\RSA Security\RSA_KeonCA\LogServer\logs\<filename>.xml文件中,每个日志文件通常都包含有如上所示的块。攻击者可以从日志文件删除
CVSS Information
N/A
Vulnerability Type
N/A