13 matches found
CVE-2018-1247
CVE-2018-1247 affects RSA Authentication Manager Security Console (RSA AM) up to version 8.3. An XML External Entity (XXE) vulnerability allows an attacker with access to submit crafted XML to potentially cause a denial of service or exfiltrate server data by injecting a malicious DTD. Public sou...
CVE-2018-11073
Affected product/issue: RSA Authentication Manager (Dell EMC) prior to 8.3 Patch 3. What is vulnerable: Stored cross-site scripting in the Operations Console; a malicious Operations Console administrator can store arbitrary HTML/JavaScript via the web interface. Impact (as stated): Injected scrip...
CVE-2018-11074
CVE-2018-11074 affects RSA Authentication Manager prior to 8.3 P3. The vulnerability is a DOM-based cross-site scripting flaw in the embedded MadCap Flare Help files that can be exploited by a remote unauthenticated attacker to execute HTML/JavaScript in the browser context of the vulnerable web ...
CVE-2018-1248
RSA Authentication Manager (Security Console, Operation Console and Self-Service Console) v8.3 and earlier is affected by a Host header injection vulnerability that can poison HTTP caches and redirect users to arbitrary web domains. Root cause: improper handling of HTTP headers in the consoles. I...
CVE-2018-11075
Summary: CVE-2018-11075 affects Dell EMC RSA Authentication Manager versions prior to 8.3 P3, where a reflected cross-site scripting (XSS) vulnerability exists on a Security Console page. A remote, unauthenticated attacker who knows a target user’s anti-CSRF token could lure a victim Security Con...
CVE-2019-18574
RSA Authentication Manager versions prior to 8.4 Patch 8 (8.4.0.8) are affected by a stored cross-site scripting vulnerability in the Security Console. An authenticated Security Console administrator can store arbitrary HTML/JavaScript through the web interface, which may be included in a report ...
CVE-2019-3711
RSA Authentication Manager versions prior to 8.4 P1 have an insecure credential management vulnerability in the Operations Console that may allow an authenticated administrator to obtain the value of a domain password previously set by another administrator and use it for attacks. Root cause: ins...
CVE-2018-15782
The CVE-2018-15782 entry affects EMC RSA Authentication Manager prior to version 8.4, where the Quick Setup component is vulnerable to a relative path traversal. A local attacker could use a crafted license during initial quick setup to obtain unauthorized access to the system. Data from the init...
CVE-2013-0947
CVE-2013-0947 affects RSA Authentication Manager 8.0 before Patch 1 (P1). Vulnerability: local users can read cleartext passwords stored in logs or configuration files (operating-system, HTTP plug-in proxy passwords, SNMP communities). This is an information-disclosure weakness in log and config ...
CVE-2012-2279
The CVE-2012-2279 issue affects RSA Authentication Manager 7.1 (before SP4 P14) and RSA SecurID Appliance 3.0 (before SP4 P14). The vulnerability is an open redirect in the RSA Security Console, enabling remote attackers to redirect users to arbitrary sites and potentially facilitate phishing via...
CVE-2013-3273
Vulnerability CVE-2013-3273 affects RSA Authentication Manager 8.0 prior to Patch 2 and 7.1 prior to Service Pack 4 Patch 26 (including Appliance 3.0). The issue is that when using the SDK to develop custom applications and with trace logging set to verbose, the administrative account password ca...
CVE-2012-2280
The CVE-2012-2280 entry concerns a Cross frame scripting vulnerability in EMC RSA Authentication Manager 7.1 (before SP4 P14) and RSA SecurID Appliance 3.0 (before SP4 P14). The issue allows remote attackers to inject arbitrary web script/HTML via unspecified vectors due to improper frame handlin...
CVE-2012-2278
CVE-2012-2278: XSS in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14, affecting the Self-Service Console and Security Console. Root cause: cross-site scripting via unspecified vectors, enabling remote script/HTML injection. Exploitation status not s...