CVE-2018-11074

Name of the Vulnerable Software and Affected Versions RSA Authentication Manager versions prior to 8.3 P3

Description A DOM-based cross-site scripting issue exists in the embedded MadCap Flare Help files of RSA Authentication Manager. This could be exploited by a remote unauthenticated attacker who tricks a victim into supplying malicious HTML or JavaScript code to the browser DOM, which is then executed by the web browser in the context of the vulnerable web application.

Recommendations For versions prior to 8.3 P3, update to version 8.3 P3 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded MadCap Flare Help files to minimize the risk of exploitation.