CVE-2015-0521

Name of the Vulnerable Software and Affected Versions EMC RSA Certificate Manager versions prior to 6.9 build 558 EMC RSA Registration Manager versions prior to 6.9 build 558

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter. This enables attackers to execute malicious scripts on the affected system.

Recommendations For EMC RSA Certificate Manager versions prior to 6.9 build 558, update to version 6.9 build 558 or later. For EMC RSA Registration Manager versions prior to 6.9 build 558, update to version 6.9 build 558 or later. As a temporary workaround, consider restricting access to the CMP shared secret parameter to minimize the risk of exploitation.