|Applies To||RSA Key Manager Server versions 1.5.x, 2.0.x, 2.1.3.x, 2.2.x and 2.5.x|
Known Exploitation of the Vulnerability:
RSA, The Security Division of EMC, is not aware of any attacks utilizing this vulnerability.
|Issue||Execution with Unnecessary Privileges|
An unauthorized attacker could leverage this weakness to increase the severity of other vulnerabilities, leading to a variety of immediate compromises including the theft of sensitive information, unauthorized use of system resources, or denial of service.
The Tomcat5.exe service was running with unnecessary privileges. Running a service with more privileges than it needs increases the severity of many other vulnerabilities that may be found within the application: a service running with unnecessary privileges may give an attacker access to resources that would not have been reachable if the service had been executed with the minimum set of privileges necessary.
|Resolution||This issue is fixed in RKM Server 2.7. The fix includes documentation on how to configure RKM Server with least privilege. For more details, refer to the RSA Key Manager Server 2.7 Installation Guides, section Prerequisites => Create User Accounts. Any deployment of an RKM Server version prior to 2.7 should be upgraded to the latest version of RKM Server 2.7, and the documentation should be followed to configure RKM Server with minimal privilege.|
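The check an administrator would run before and after applying the resolution is to confirm which account the service actually logs on as. The following PowerShell is an added example, not code from RSA or from the RKM documentation: it reads the logon account of the service named in the advisory (Tomcat5), reports whether it is LocalSystem, and reassigns it to a dedicated local account. The account name rkmsvc is an assumed placeholder; the real account name and the rights it needs come from the Create User Accounts section of the 2.7 Installation Guide.

```powershell
# Added example (not from the RSA advisory): audit the logon account of a
# Windows service and, if it is LocalSystem, move it to a dedicated
# low-privilege local account. Service name "Tomcat5" is from the advisory;
# the account name ".\rkmsvc" is an assumed placeholder.
param(
    [string]$ServiceName    = 'Tomcat5',
    [string]$ServiceAccount = '.\rkmsvc'
)

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found on this host" }

# StartName is the account the service logs on as; LocalSystem is the
# highest-privilege choice and is what the advisory describes as unnecessary.
$highPriv = @('LocalSystem', 'NT AUTHORITY\SYSTEM')
Write-Host ("{0} ({1}) runs as '{2}'" -f $svc.Name, $svc.PathName, $svc.StartName)

if ($highPriv -contains $svc.StartName) {
    Write-Warning "$ServiceName runs with unnecessary privileges (LocalSystem)."

    # Prompt for the service account password instead of embedding it in the script.
    $cred  = Get-Credential -UserName $ServiceAccount -Message "Password for $ServiceAccount"
    $plain = $cred.GetNetworkCredential().Password

    # Win32_Service.Change lets us set only the logon account and password;
    # every other parameter is left unchanged.
    $r = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
        StartName     = $ServiceAccount
        StartPassword = $plain
    }
    if ($r.ReturnValue -ne 0) {
        throw "Change failed with Win32_Service return code $($r.ReturnValue)"
    }

    # The account still needs the "Log on as a service" right and write access
    # to the directories the service actually uses (logs, temp, work); grant
    # those separately and nothing more, then restart so the change takes effect.
    Restart-Service -Name $ServiceName
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    Write-Host ("{0} now runs as '{1}'" -f $after.Name, $after.StartName)
}
else {
    Write-Host "$ServiceName already runs under a non-system account."
}
```

Run it from an elevated PowerShell session on the RKM Server host. The same Win32_Service query, without the reassignment branch, is a useful periodic check across all services: any service whose StartName is LocalSystem and whose PathName points outside the Windows directory deserves the same least-privilege review the advisory applies to Tomcat5.exe.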
|Legacy Article ID||a49698|