Lucene search
K

79 matches found

osv
osv
added 2019/12/03 9:15 p.m.5 views

CVE-2019-18574

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could th...

4.8CVSS5.8AI score0.00558EPSS
Exploits0References1
prion
prion
added 2019/12/03 9:15 p.m.16 views

Cross site scripting

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could th...

3.5CVSS4.8AI score0.00558EPSS
Exploits0References1Affected Software2
cvelist
cvelist
added 2019/12/03 8:20 p.m.27 views

CVE-2019-18574

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could th...

4.8CVSS4.9AI score0.00558EPSS
Exploits0References1
cve
cve
added 2019/12/03 8:20 p.m.75 views

CVE-2019-18574

RSA Authentication Manager versions prior to 8.4 Patch 8 (8.4.0.8) are affected by a stored cross-site scripting vulnerability in the Security Console. An authenticated Security Console administrator can store arbitrary HTML/JavaScript through the web interface, which may be included in a report ...

4.8CVSS4.8AI score0.00558EPSS
Exploits0References1Affected Software2
osv
osv
added 2019/07/03 5:15 p.m.3 views

CVE-2019-5630

A Cross-Site Request Forgery CSRF vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request...

8.8CVSS6.8AI score0.0089EPSS
Exploits0References1
nvd
nvd
added 2019/07/03 5:15 p.m.13 views

CVE-2019-5630

A Cross-Site Request Forgery CSRF vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request...

8.8CVSS6.9AI score0.0089EPSS
Exploits0References1
prion
prion
added 2019/07/03 5:15 p.m.19 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request...

6.8CVSS8.8AI score0.0089EPSS
Exploits0References1Affected Software1
cve
cve
added 2019/07/03 5:0 p.m.89 views

CVE-2019-5630

CVE-2019-5630 affects Rapid7 Nexpose InsightVM Security Console. The vulnerability is a Cross-Site Request Forgery (CSRF) in API endpoints that can be exploited via Flash to bypass a cross-domain pre-flight OPTIONS request. Affected versions are 6.5.0 through 6.5.68. The issue arises from insuffi...

8.8CVSS7.5AI score0.0089EPSS
Exploits0References1Affected Software1
prion
prion
added 2019/04/09 4:29 p.m.17 views

Design/Logic Flaw

Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious user...

3.5CVSS6.7AI score0.00802EPSS
Exploits0References1Affected Software1
cve
cve
added 2019/04/09 3:27 p.m.80 views

CVE-2019-5615

CVE-2019-5615 concerns a stored-credential exposure in Rapid7 InsightVM (versions 6.5.11–6.5.49). The issue allows users with Site-level permissions to access files containing username-encrypted passwords for Security Console Global Administrators, along with clear-text passwords for restoring ba...

6.5CVSS5.4AI score0.00802EPSS
Exploits0References1Affected Software1
osv
osv
added 2018/09/28 6:29 p.m.4 views

CVE-2018-11075

RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim...

4.7CVSS5.8AI score0.0149EPSS
Exploits0References3
cnvd
cnvd
added 2018/09/27 12:0 a.m.6 views

Dell EMC RSA Authentication Manager Cross-Site Scripting Vulnerability (CNVD-2018-20083)

Dell EMC RSA Authentication Manager is a centralized suite of binary authentication software from Dell USA. The software centralizes the management of binary identities, security tokens, methods and users across physical sites. A cross-site scripting vulnerability exists in the Security Console...

5.8CVSS5.4AI score0.0149EPSS
Exploits0References1
osv
osv
added 2018/06/21 3:29 p.m.5 views

CVE-2018-1254

RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or...

6.1CVSS5.8AI score0.02027EPSS
Exploits0References3
cve
cve
added 2018/06/21 3:0 p.m.78 views

CVE-2018-1254

The CVE-2018-1254 entry concerns RSA Authentication Manager Security Console, 8.3 P1 and earlier, with a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could trick a Console administrator into submitting malicious HTML or JavaScript to the vulnerable web app, whic...

6.1CVSS6.1AI score0.02027EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2018/06/21 3:0 p.m.19 views

CVE-2018-1254

RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or...

6.2AI score0.02027EPSS
Exploits0References3
cnvd
cnvd
added 2018/05/10 12:0 a.m.18 views

Dell EMC RSA Authentication Manager Security Console, Operation Console and Self-Service Console Host Header Injection Vulnerability

Dell EMC RSA Authentication Manager is a centralized set of binary authentication software from Dell Dell. The software allows for centralized management of binary authentication, security tokens, methods, and users across physical sites.RSA Authentication Manager Security Console is one of the...

6.1CVSS6.7AI score0.01467EPSS
Exploits0References1
osv
osv
added 2018/05/08 1:29 p.m.7 views

CVE-2018-1248

RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains...

6.1CVSS5.9AI score0.01467EPSS
Exploits0References3
osv
osv
added 2018/05/08 1:29 p.m.3 views

CVE-2018-1247

RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity XXE vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application...

7.1CVSS5.8AI score0.16968EPSS
Exploits5References4
cve
cve
added 2018/05/08 1:0 p.m.79 views

CVE-2018-1248

RSA Authentication Manager (Security Console, Operation Console and Self-Service Console) v8.3 and earlier is affected by a Host header injection vulnerability that can poison HTTP caches and redirect users to arbitrary web domains. Root cause: improper handling of HTTP headers in the consoles. I...

6.1CVSS6.5AI score0.01467EPSS
Exploits0References3Affected Software1
cnvd
cnvd
added 2018/05/08 12:0 a.m.15 views

Denial of Service Vulnerability in RSA Authentication Manager

Dell EMC RSA Authentication Manager is a centralized suite of binary authentication software from Dell USA. The software centralizes the management of binary identities, security tokens, methods, and users across physical sites.RSA Authentication Manager Security Console is one of the security...

7.1CVSS7.1AI score0.16968EPSS
Exploits5References1
Rows per page
Query Builder