CVE-2018-11075

Name of the Vulnerable Software and Affected Versions RSA Authentication Manager versions prior to 8.3 P3

Description The issue allows a remote, unauthenticated malicious user to potentially exploit a reflected cross-site scripting vulnerability in a Security Console page. This could be achieved by tricking a victim Security Console user into supplying malicious HTML or JavaScript code to the vulnerable web application, which is then executed by the victim's web browser in the context of the vulnerable web application. The malicious user would need knowledge of the target user's anti-CSRF token.

Recommendations For RSA Authentication Manager versions prior to 8.3 P3, update to version 8.3 P3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Security Console page to minimize the risk of exploitation.