Stored Cross-Site Scripting Vulnerability in RSA Authentication Manager
CVE-2020-5340
4.8 MEDIUM
Summary
RSA Authentication Manager prior to version 8.4 P10 is susceptible to a stored cross-site scripting vulnerability within the Security Console. This security flaw allows an administrator with elevated privileges to embed arbitrary HTML or JavaScript code through the web interface. If other administrators attempt to modify the default security domain mapping, the malicious scripts can be executed in their browsers, potentially compromising their accounts and sensitive data.
Affected Version(s)
RSA Authentication Manager < unspecified
References
CVSS V3.1
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved