Unrated severityNVD Advisory· Published Aug 3, 2009· Updated Apr 23, 2026

CVE-2008-6886

Description

RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks.

Affected products

Rsa/Envision4 versions
cpe:2.3:a:rsa:envision:3.5.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:rsa:envision:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:envision:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:envision:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:envision:3.7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvdPatch
www.secfault.orgnvdPatch
www.vupen.com/english/advisories/2008/3288nvdPatchVendor Advisory
secunia.com/advisories/32883nvdVendor Advisory
www.osvdb.org/50273nvd
www.securityfocus.com/bid/32473nvd
exchange.xforce.ibmcloud.com/vulnerabilities/46884nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000