DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities
CVE-2018-11073

6.5MEDIUM

Key Information:

Vendor
Rsa
Status
Authentication Manager
Vendor
CVE Published:
28 September 2018

Summary

RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.

Affected Version(s)

Authentication Manager < 8.3 P3

References

https://seclists.org/fulldisclosure/2018/Sep/39
mailing-listx_refsource_FULLDISC
http://www.securitytracker.com/id/1041697
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/105410
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.