Cross-Site Scripting Vulnerability in RSA Authentication Agent for Web by RSA
CVE-2018-1233

6.1MEDIUM

Key Information:

Vendor: Dell
Status: Rsa Authentication Agent For Web For Iis, Rsa Authentication Agent For Web For Apache Web Server
Vendor: CVE Published:; 30 March 2018

What is CVE-2018-1233?

The RSA Authentication Agent for Web, used with both IIS and Apache Web Server, is susceptible to a cross-site scripting vulnerability. This flaw allows attackers to execute arbitrary HTML or JavaScript code in the users' browser sessions while interacting with affected web pages. By exploiting this vulnerability, malicious actors can potentially hijack user sessions and perform unauthorized actions within the context of the compromised website.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server version 8.0.1 and earlier

References

http://seclists.org/fulldisclosure/2018/Mar/60

mailing-listx_refsource_FULLDISC

http://www.securitytracker.com/id/1040577

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 30, 2018
Vulnerability Reserved
Dec 6, 2017

JSON

Dell