Reflected Cross-Site Scripting Vulnerability in RSA Authentication Manager
CVE-2018-1254

6.1MEDIUM

Key Information:

Vendor

Rsa
Status
Rsa Authentication Manager
Vendor
CVE Published:
21 June 2018

What is CVE-2018-1254?

RSA Authentication Manager, specifically versions 8.3 P1 and earlier, is susceptible to a reflected cross-site scripting vulnerability. This allows a remote unauthenticated attacker to exploit the Security Console by tricking an administrator into executing malicious code. By injecting harmful HTML or JavaScript code, the attacker can reflect it back to the victim, posing a serious risk to the integrity of the application and its users. It is crucial for administrators to remain vigilant and implement security measures to mitigate potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RSA Authentication Manager <= 8.3 P1

References

http://www.securityfocus.com/bid/104534
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041134
vdb-entryx_refsource_SECTRACK
http://seclists.org/fulldisclosure/2018/Jun/39
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.