PT-2019-15527 · Rsa · Emc Rsa Authentication Manager
Published
2019-12-03
·
Updated
2020-04-01
·
CVE-2019-18574
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
RSA Authentication Manager software versions prior to 8.4 P8
Description
The issue concerns a stored cross-site scripting vulnerability in the Security Console of the RSA Authentication Manager software. This vulnerability could be exploited by a malicious Security Console administrator to store arbitrary HTML or JavaScript code through the web interface, which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.
Recommendations
For versions prior to 8.4 P8, update to version 8.4 P8 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Emc Rsa Authentication Manager