Cross-Site Scripting Vulnerability in RSA Authentication Agent for Web by RSA
CVE-2018-1233

6.1MEDIUM

Key Information:

Vendor: Dell
Status: Rsa Authentication Agent For Web For Iis, Rsa Authentication Agent For Web For Apache Web Server
Vendor: CVE Published:; 30 March 2018

Summary

The RSA Authentication Agent for Web, used with both IIS and Apache Web Server, is susceptible to a cross-site scripting vulnerability. This flaw allows attackers to execute arbitrary HTML or JavaScript code in the users' browser sessions while interacting with affected web pages. By exploiting this vulnerability, malicious actors can potentially hijack user sessions and perform unauthorized actions within the context of the compromised website.

Affected Version(s)

RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server version 8.0.1 and earlier

References

http://seclists.org/fulldisclosure/2018/Mar/60

mailing-listx_refsource_FULLDISC

http://www.securitytracker.com/id/1040577

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 30, 2018
Vulnerability Reserved
Dec 6, 2017