Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-5346

RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser.

Published

2020-04-15T18:15:15.630

Last Modified

2024-11-21T05:33:57.320

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	emc	rsa_authentication_manager	≤ 8.3	Yes
Application	emc	rsa_authentication_manager	8.4	Yes
Application	emc	rsa_authentication_manager	8.4	Yes
Application	emc	rsa_authentication_manager	8.4	Yes
Application	emc	rsa_authentication_manager	8.4	Yes
Application	emc	rsa_authentication_manager	8.4	Yes
Application	emc	rsa_authentication_manager	8.4	Yes
Application	emc	rsa_authentication_manager	8.4	Yes
Application	emc	rsa_authentication_manager	8.4	Yes
Application	emc	rsa_authentication_manager	8.4	Yes
Application	emc	rsa_authentication_manager	8.4	Yes
Application	emc	rsa_authentication_manager	8.4	Yes

References

https://community.rsa.com/docs/DOC-111347 Patch, Vendor Advisory ([email protected])
https://community.rsa.com/docs/DOC-111347 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)