79 matches found
CVE-2019-18574
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could th...
Cross site scripting
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could th...
CVE-2019-18574
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could th...
CVE-2019-18574
RSA Authentication Manager versions prior to 8.4 Patch 8 (8.4.0.8) are affected by a stored cross-site scripting vulnerability in the Security Console. An authenticated Security Console administrator can store arbitrary HTML/JavaScript through the web interface, which may be included in a report ...
CVE-2019-5630
A Cross-Site Request Forgery CSRF vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request...
CVE-2019-5630
A Cross-Site Request Forgery CSRF vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request...
CVE-2019-5630
CVE-2019-5630 affects Rapid7 Nexpose InsightVM Security Console. The vulnerability is a Cross-Site Request Forgery (CSRF) in API endpoints that can be exploited via Flash to bypass a cross-domain pre-flight OPTIONS request. Affected versions are 6.5.0 through 6.5.68. The issue arises from insuffi...
Design/Logic Flaw
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious user...
CVE-2019-5615
CVE-2019-5615 concerns a stored-credential exposure in Rapid7 InsightVM (versions 6.5.11–6.5.49). The issue allows users with Site-level permissions to access files containing username-encrypted passwords for Security Console Global Administrators, along with clear-text passwords for restoring ba...
CVE-2018-11075
RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim...
Dell EMC RSA Authentication Manager Cross-Site Scripting Vulnerability (CNVD-2018-20083)
Dell EMC RSA Authentication Manager is a centralized suite of binary authentication software from Dell USA. The software centralizes the management of binary identities, security tokens, methods and users across physical sites. A cross-site scripting vulnerability exists in the Security Console...
CVE-2018-1254
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or...
CVE-2018-1254
The CVE-2018-1254 entry concerns RSA Authentication Manager Security Console, 8.3 P1 and earlier, with a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could trick a Console administrator into submitting malicious HTML or JavaScript to the vulnerable web app, whic...
CVE-2018-1254
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or...
Dell EMC RSA Authentication Manager Security Console, Operation Console and Self-Service Console Host Header Injection Vulnerability
Dell EMC RSA Authentication Manager is a centralized set of binary authentication software from Dell Dell. The software allows for centralized management of binary authentication, security tokens, methods, and users across physical sites.RSA Authentication Manager Security Console is one of the...
CVE-2018-1248
RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains...
CVE-2018-1247
RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity XXE vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application...
CVE-2018-1248
RSA Authentication Manager (Security Console, Operation Console and Self-Service Console) v8.3 and earlier is affected by a Host header injection vulnerability that can poison HTTP caches and redirect users to arbitrary web domains. Root cause: improper handling of HTTP headers in the consoles. I...
Denial of Service Vulnerability in RSA Authentication Manager
Dell EMC RSA Authentication Manager is a centralized suite of binary authentication software from Dell USA. The software centralizes the management of binary identities, security tokens, methods, and users across physical sites.RSA Authentication Manager Security Console is one of the security...