RSA Authentication Manager up to 8.4 P11 Security Console Stored cross site scripting


A vulnerability classified as problematic has been found in RSA Authentication Manager up to 8.4 P11. It affects an unknown code block of the component Security Console. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

| Field | 04/16/2020 02:34 PM | 04/16/2020 02:39 PM |
|---|---|---|
| name | RSA Authentication Manager | RSA Authentication Manager |
| version | <=8.4 P11 | <=8.4 P11 |
| component | Security Console | Security Console |
| risk | 1 | 1 |
| cvss2_vuldb_basescore | 2.8 | 2.8 |
| cvss2_vuldb_tempscore | 2.8 | 2.8 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | M | M |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | N | N |
| cvss3_meta_basescore | 4.1 | 4.1 |
| cvss3_meta_tempscore | 4.1 | 4.1 |
| cvss3_vuldb_basescore | 3.4 | 3.4 |
| cvss3_vuldb_tempscore | 3.4 | 3.4 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | H | H |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | C | C |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | N | N |
| titleword | Stored | Stored |
| date | 1586908800 (04/15/2020) | 1586908800 (04/15/2020) |
| price_0day | $0-$5k | $0-$5k |
| cve | CVE-2020-5346 | CVE-2020-5346 |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_vuldb_rc | X | X |
| cvss3_nvd_basescore | 4.8 | 4.8 |
| cwe | 0 | 79 (cross site scripting) |
| cvss3_nvd_av | | N |
| cvss3_nvd_ac | | L |
| cvss3_nvd_pr | | H |
| cvss3_nvd_ui | | R |
| cvss3_nvd_s | | C |
| cvss3_nvd_c | | L |
| cvss3_nvd_i | | L |
| cvss3_nvd_a | | N |
| cve_assigned | | 1578009600 |
| cve_nvd_summary | | RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser. |
