** Please do not reply to this e-mail. To change or cancel your subscription to RSA SecurCare Notes & Alerts, please see ?About RSA SecurCare Notes & Alerts Subscription? below.

RSA, The Security Division of EMC, releases a security hot fix for RSA enVision

Note
Updated November 20, 2008
** Please do not reply to this e-mail. To change or cancel your subscription to RSA SecurCare Notes & Alerts, please see ?About RSA SecurCare Notes & Alerts Subscription? below.

RSA, The Security Division of EMC, releases a security hot fix for RSA enVision

Note
Updated November 20, 2008

Summary:

This hot fix addresses a potential security vulnerability which could allow unauthorized users to gain access to administrative information in certain versions of RSA enVision?.

The potential vulnerability in the affected versions of RSA enVision could be exploited by malicious users to access administrative user passwords

Affected Products:

RSA enVision 3.5.0
RSA enVision 3.5.1
RSA enVision 3.5.2
RSA enVision 3.7.0

Recommendations:

RSA strongly recommends that customers apply the hot fix to RSA enVision at the earliest opportunity.
The security fix can be downloaded here: https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8329

Obtaining Downloads:

To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll down to the section for the product download that you want and click on the link.

A fix is available for the following versions of enVison:

RSA enVision 3.5.0
RSA enVision 3.5.1
RSA enVision 3.5.2
RSA enVision 3.7.0
Please note that customers using older versions than these will need to upgrade. RSA strongly recommends that customers either apply the hot fix to RSA enVision or upgrade their deployment at the earliest opportunity.

Obtaining Documentation:

To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll down to the section for the product version that you want and click on the set link.

Obtaining More Information: 

For more information about RSA enVision visit the RSA web site at http://www.rsa.com/node.aspx?id=3170.

Getting Support and Service:

For customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.

General Customer Support Information: http://www.rsa.com/node.aspx?id=1264

RSA SecurCare Online:  https://knowledge.rsasecurity.com

About RSA SecurCare Notes & Alerts Subscription

RSA SecurCare Notes & Alerts are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you?d like to stop receiving RSA SecurCare Notes & Alerts, or if you?d like to change which RSA product family Notes & Alerts you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view5. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Alerts you no longer want to receive. Click the Submit button to save your selection.

RSA would like to thank Nicolas Viot of Intrinsec for reporting this potential vulnerability.

Sincerely,

RSA Customer Support