CVE-2020-5339

4.8MEDIUM

Key Information:

Vendor: Dell
Status: Rsa Authentication Manager
Vendor: CVE Published:; 26 March 2020

Summary

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.

Affected Version(s)

RSA Authentication Manager < unspecified

References

https://community.rsa.com/docs/DOC-111092

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 26, 2020
Vulnerability Reserved
Jan 3, 2020