Stored Cross-Site Scripting in RSA Authentication Manager
CVE-2020-5339

4.8MEDIUM

Key Information:

Vendor: Dell
Status: Rsa Authentication Manager
Vendor: CVE Published:; 26 March 2020

Summary

A stored cross-site scripting vulnerability exists in the RSA Authentication Manager's Security Console for versions prior to 8.4 P10. It allows a malicious administrator with elevated privileges to inject arbitrary HTML or JavaScript code through the Security Console interface. When other authorized administrators view a compromised report page, the injected scripts are executed in their browsers, potentially leading to unauthorized access or data manipulation.

Affected Version(s)

RSA Authentication Manager < unspecified

References

https://community.rsa.com/docs/DOC-111092

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 26, 2020
Vulnerability Reserved
Jan 3, 2020