PT-2018-11236 · Rsa · Rsa Authentication Manager Operation Console

Published

2018-06-21

Updated

2020-03-27

CVE-2018-1253

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions RSA Authentication Manager Operation Console versions 8.3 P1 and earlier

Description The issue allows a malicious Operations Console administrator to store arbitrary HTML or JavaScript code through the web interface, potentially executing injected scripts in the browsers of other Operations Console administrators when they open the affected page.

Recommendations For RSA Authentication Manager Operation Console versions 8.3 P1 and earlier, update to a version later than 8.3 P1 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-1253

Affected Products

Rsa Authentication Manager Operation Console

PT-2018-11236 · Rsa · Rsa Authentication Manager Operation Console

CVE-2018-1253

Weakness Enumeration

Related Identifiers

Affected Products

References · 5