RSA Authentication Manager up to 8.4 P11 Security Console Stored cross site scripting

A vulnerability classified as problematic has been found in RSA Authentication Manager up to 8.4 P11. This affects an unknown code block of the component Security Console. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It also makes it possible to initiate an immediate vulnerability response and to prioritize issues.

[Timeline charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10012493 | 04/16/2020 | VulD... | cve_nvd_summary | RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser. | mitre.org | 04/16/2020 | accepted | 100 |
| 10012492 | 04/16/2020 | VulD... | cve_assigned | 1578009600 | mitre.org | 04/16/2020 | accepted | 100 |
| 10012487 | 04/16/2020 | VulD... | cvss3_nvd_a | N | nist.gov | 04/16/2020 | accepted | 100 |
| 10012486 | 04/16/2020 | VulD... | cvss3_nvd_i | L | nist.gov | 04/16/2020 | accepted | 100 |
| 10012485 | 04/16/2020 | VulD... | cvss3_nvd_c | L | nist.gov | 04/16/2020 | accepted | 100 |
| 10012484 | 04/16/2020 | VulD... | cvss3_nvd_s | C | nist.gov | 04/16/2020 | accepted | 100 |
| 10012483 | 04/16/2020 | VulD... | cvss3_nvd_ui | R | nist.gov | 04/16/2020 | accepted | 100 |
| 10012482 | 04/16/2020 | VulD... | cvss3_nvd_pr | H | nist.gov | 04/16/2020 | accepted | 100 |
| 10012481 | 04/16/2020 | VulD... | cvss3_nvd_ac | L | nist.gov | 04/16/2020 | accepted | 100 |
| 10012480 | 04/16/2020 | VulD... | cvss3_nvd_av | N | nist.gov | 04/16/2020 | accepted | 100 |
| 10012458 | 04/16/2020 | VulD... | cwe | 79 (cross site scripting) | | 04/16/2020 | accepted | 100 |
| 10012500 | 04/16/2020 | VulD... | cvss3_nvd_basescore | 4.8 | nist.gov | 04/16/2020 | accepted | 90 |
| 10012499 | 04/16/2020 | VulD... | cvss3_vuldb_rc | X | | 04/16/2020 | accepted | 90 |
| 10012498 | 04/16/2020 | VulD... | cvss3_vuldb_rl | X | | 04/16/2020 | accepted | 90 |
| 10012497 | 04/16/2020 | VulD... | cvss3_vuldb_e | X | | 04/16/2020 | accepted | 90 |
| 10012496 | 04/16/2020 | VulD... | cvss2_vuldb_rc | ND | | 04/16/2020 | accepted | 90 |
| 10012495 | 04/16/2020 | VulD... | cvss2_vuldb_rl | ND | | 04/16/2020 | accepted | 90 |
| 10012494 | 04/16/2020 | VulD... | cvss2_vuldb_e | ND | | 04/16/2020 | accepted | 90 |
| 10012491 | 04/16/2020 | VulD... | cve | CVE-2020-5346 | mitre.org | 04/16/2020 | accepted | 100 |
| 10012490 | 04/16/2020 | VulD... | price_0day | $0-$5k | see documentation | 04/16/2020 | accepted | 100 |