Host Header Injection in RSA Authentication Manager by RSA Security
CVE-2018-1248
6.1 MEDIUM
Summary
RSA Authentication Manager Security Console, Operation Console, and Self-Service Console versions 8.3 and earlier suffer from a host header injection vulnerability. This flaw enables remote attackers to poison the HTTP cache and potentially redirect users to malicious external sites. By exploiting this vulnerability, attackers can manipulate the traffic and compromise user interactions with the affected consoles.
Affected Version(s)
RSA Authentication Manager Security Console, Operation Console and Self-Service Console version 8.3 and earlier
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved