CVE-2020-5340

Name of the Vulnerable Software and Affected Versions RSA Authentication Manager versions prior to 8.4 P10

Description The issue concerns a stored cross-site scripting vulnerability in the Security Console of RSA Authentication Manager. A malicious administrator with advanced privileges could exploit this to store arbitrary HTML or JavaScript code through the Security Console web interface. When other administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.

Recommendations For versions prior to 8.4 P10, update to version 8.4 P10 or later to resolve the issue. As a temporary workaround, consider restricting access to the Security Console web interface to minimize the risk of exploitation. Additionally, limit the privileges of administrators to reduce the potential impact of this vulnerability.