PT-2018-10286 · Rsa · Emc Rsa Authentication Manager

Published

2018-09-28

Updated

2020-03-27

CVE-2018-11073

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions RSA Authentication Manager versions prior to 8.3 P3

Description The issue concerns a stored cross-site scripting vulnerability in the Operations Console of RSA Authentication Manager. This vulnerability could be exploited by a malicious Operations Console administrator to store arbitrary HTML or JavaScript code through the web interface. When other administrators access the affected page, the injected scripts could potentially be executed in their browser.

Recommendations For RSA Authentication Manager versions prior to 8.3 P3, update to version 8.3 P3 or later to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-11073

Affected Products

Emc Rsa Authentication Manager

PT-2018-10286 · Rsa · Emc Rsa Authentication Manager

CVE-2018-11073

Weakness Enumeration

Related Identifiers

Affected Products

References · 5