Stored Cross-Site Scripting Vulnerability in RSA Authentication Manager
CVE-2020-5346

4.8MEDIUM

Key Information:

Vendor: Dell
Status: Rsa Authentication Manager
Vendor: CVE Published:; 15 April 2020

Summary

RSA Authentication Manager versions prior to 8.4 P11 are susceptible to a stored cross-site scripting (XSS) vulnerability within the Security Console. This issue allows an overly privileged administrator to inject malicious HTML or JavaScript code via the web interface. When other administrators access affected pages, the injected scripts can execute in their browsers, potentially leading to unauthorized actions or data exposure.

Affected Version(s)

RSA Authentication Manager < unspecified

References

https://community.rsa.com/docs/DOC-111347

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Jan 3, 2020