CVE-2017-8000

Name of the Vulnerable Software and Affected Versions EMC RSA Authentication Manager versions 8.2 SP1 and earlier

Description A malicious RSA Security Console Administrator could craft a token profile with a name that includes a crafted script containing an XSS payload. This script could be executed when another administrator views or edits the assigned token profile in their browser session.

Recommendations For versions 8.2 SP1 and earlier, consider restricting access to the RSA Security Console Administrator role to minimize the risk of exploitation. As a temporary workaround, avoid viewing or editing token profiles that may contain malicious scripts until a fix is available.