Reflected Cross-Site Scripting Vulnerability in RSA Authentication Manager
CVE-2018-1254

6.1 MEDIUM

Key Information:

Vendor

RSA

CVE Published:
21 June 2018

What is CVE-2018-1254?

RSA Authentication Manager versions 8.3 P1 and earlier contain a reflected cross-site scripting vulnerability in the Security Console. A remote unauthenticated attacker can exploit it by tricking a Security Console administrator into supplying malicious HTML or JavaScript code to the application. The application reflects that code back to the victim, where the browser executes it in the context of the Security Console, putting the integrity of the application and its users at risk. Administrators should remain vigilant and implement security measures to mitigate potential exploitation.

Affected Version(s)

RSA Authentication Manager <= 8.3 P1

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
