PT-2018-11242 · Rsa · Rsa Authentication Manager Security Console

Published

2018-06-21

Updated

2020-03-27

CVE-2018-1254

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions RSA Authentication Manager Security Console versions 8.3 P1 and earlier

Description The issue allows a remote unauthenticated attacker to potentially exploit a reflected cross-site scripting vulnerability by tricking a Security Console administrator into supplying malicious HTML or JavaScript code to a vulnerable web application. This code is then reflected back to the victim and executed by the web browser.

Recommendations For RSA Authentication Manager Security Console versions 8.3 P1 and earlier, update to a version later than 8.3 P1 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-1254

Affected Products

Rsa Authentication Manager Security Console

PT-2018-11242 · Rsa · Rsa Authentication Manager Security Console

CVE-2018-1254

Weakness Enumeration

Related Identifiers

Affected Products

References · 5