DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities
CVE-2018-11075

5.8MEDIUM

Key Information:

Vendor
Rsa
Status
Authentication Manager
Vendor
CVE Published:
28 September 2018

Summary

RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application.

Affected Version(s)

Authentication Manager < 8.3 P3

References

https://seclists.org/fulldisclosure/2018/Sep/39
mailing-listx_refsource_FULLDISC
http://www.securitytracker.com/id/1041697
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/105410
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.