Design/Logic Flaw

2020-01-0323:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.9%

JSON

RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying specially crafted XML message.

CPENameOperatorVersion
rsa_authentication_managerlt8.4
rsa_authentication_managereq8.4
rsa_authentication_managereq8.4 p6
rsa_authentication_managereq8.4 p5
rsa_authentication_managereq8.4 p4
rsa_authentication_managereq8.4 p3
rsa_authentication_managereq8.4 p2
rsa_authentication_managereq8.4 p1

Name	Operator	Version
rsa_authentication_manager	lt	8.4
rsa_authentication_manager	eq	8.4
rsa_authentication_manager	eq	8.4 p6
rsa_authentication_manager	eq	8.4 p5
rsa_authentication_manager	eq	8.4 p4
rsa_authentication_manager	eq	8.4 p3
rsa_authentication_manager	eq	8.4 p2
rsa_authentication_manager	eq	8.4 p1

References

www.dell.com/support/security/en-us/details/DOC-108320/DSA-2019-148-RSA&