RSA · EMC RSA Authentication Manager · CVE-2018-11074
**Name of the Vulnerable Software and Affected Versions**
RSA Authentication Manager versions prior to 8.3 P3
**Description**
A DOM-based cross-site scripting issue exists in the embedded MadCap Flare Help files of RSA Authentication Manager. This could be exploited by a remote unauthenticated attacker who tricks a victim into supplying malicious HTML or JavaScript code to the browser DOM, which is then executed by the web browser in the context of the vulnerable web application.
**Recommendations**
For versions prior to 8.3 P3, update to version 8.3 P3 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded MadCap Flare Help files to minimize the risk of exploitation.