PT-2016-4478 · Emc · Rsa Adaptive Authentication
Published
2016-09-21
·
Updated
2017-07-30
·
CVE-2016-0925
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
EMC RSA Adaptive Authentication (On-Premise) versions prior to 6.0.2.1.SP3.P4 HF210
EMC RSA Adaptive Authentication (On-Premise) versions 7.0.x through 7.1.x before 7.1.0.0.SP0.P6 HF50
EMC RSA Adaptive Authentication (On-Premise) versions 7.2.x before 7.2.0.0.SP0.P0 HF20
Description
A cross-site scripting (XSS) issue exists in the Case Management application, allowing remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Recommendations
For versions prior to 6.0.2.1.SP3.P4 HF210, update to version 6.0.2.1.SP3.P4 HF210 or later.
For versions 7.0.x through 7.1.x before 7.1.0.0.SP0.P6 HF50, update to version 7.1.0.0.SP0.P6 HF50 or later.
For versions 7.2.x before 7.2.0.0.SP0.P0 HF20, update to version 7.2.0.0.SP0.P0 HF20 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rsa Adaptive Authentication