Lucene search
K
RsaAuthentication Manager

13 matches found

CVE
CVE
added 2018/05/08 1:0 p.m.132 views

CVE-2018-1247

CVE-2018-1247 affects RSA Authentication Manager Security Console (RSA AM) up to version 8.3. An XML External Entity (XXE) vulnerability allows an attacker with access to submit crafted XML to potentially cause a denial of service or exfiltrate server data by injecting a malicious DTD. Public sou...

7.1CVSS6.7AI score0.16968EPSS
CVE
CVE
added 2018/09/28 6:0 p.m.91 views

CVE-2018-11073

Affected product/issue: RSA Authentication Manager (Dell EMC) prior to 8.3 Patch 3. What is vulnerable: Stored cross-site scripting in the Operations Console; a malicious Operations Console administrator can store arbitrary HTML/JavaScript via the web interface. Impact (as stated): Injected scrip...

6.5CVSS5.2AI score0.0111EPSS
CVE
CVE
added 2018/09/28 6:0 p.m.91 views

CVE-2018-11074

CVE-2018-11074 affects RSA Authentication Manager prior to 8.3 P3. The vulnerability is a DOM-based cross-site scripting flaw in the embedded MadCap Flare Help files that can be exploited by a remote unauthenticated attacker to execute HTML/JavaScript in the browser context of the vulnerable web ...

6.1CVSS6AI score0.02027EPSS
CVE
CVE
added 2018/05/08 1:0 p.m.79 views

CVE-2018-1248

RSA Authentication Manager (Security Console, Operation Console and Self-Service Console) v8.3 and earlier is affected by a Host header injection vulnerability that can poison HTTP caches and redirect users to arbitrary web domains. Root cause: improper handling of HTTP headers in the consoles. I...

6.1CVSS6.5AI score0.01943EPSS
CVE
CVE
added 2018/09/28 6:0 p.m.75 views

CVE-2018-11075

Summary: CVE-2018-11075 affects Dell EMC RSA Authentication Manager versions prior to 8.3 P3, where a reflected cross-site scripting (XSS) vulnerability exists on a Security Console page. A remote, unauthenticated attacker who knows a target user’s anti-CSRF token could lure a victim Security Con...

5.8CVSS5AI score0.0149EPSS
CVE
CVE
added 2019/12/03 8:20 p.m.74 views

CVE-2019-18574

RSA Authentication Manager versions prior to 8.4 Patch 8 (8.4.0.8) are affected by a stored cross-site scripting vulnerability in the Security Console. An authenticated Security Console administrator can store arbitrary HTML/JavaScript through the web interface, which may be included in a report ...

4.8CVSS4.8AI score0.00558EPSS
CVE
CVE
added 2019/03/13 10:0 p.m.70 views

CVE-2019-3711

RSA Authentication Manager versions prior to 8.4 P1 have an insecure credential management vulnerability in the Operations Console that may allow an authenticated administrator to obtain the value of a domain password previously set by another administrator and use it for attacks. Root cause: ins...

7.2CVSS6.2AI score0.01967EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.64 views

CVE-2018-15782

The CVE-2018-15782 entry affects EMC RSA Authentication Manager prior to version 8.4, where the Quick Setup component is vulnerable to a relative path traversal. A local attacker could use a crafted license during initial quick setup to obtain unauthorized access to the system. Data from the init...

7.8CVSS7.3AI score0.00423EPSS
CVE
CVE
added 2013/06/07 8:0 p.m.62 views

CVE-2013-0947

CVE-2013-0947 affects RSA Authentication Manager 8.0 before Patch 1 (P1). Vulnerability: local users can read cleartext passwords stored in logs or configuration files (operating-system, HTTP plug-in proxy passwords, SNMP communities). This is an information-disclosure weakness in log and config ...

2.1CVSS6.5AI score0.00336EPSS
CVE
CVE
added 2012/07/13 9:0 p.m.59 views

CVE-2012-2279

The CVE-2012-2279 issue affects RSA Authentication Manager 7.1 (before SP4 P14) and RSA SecurID Appliance 3.0 (before SP4 P14). The vulnerability is an open redirect in the RSA Security Console, enabling remote attackers to redirect users to arbitrary sites and potentially facilitate phishing via...

6.4CVSS6.9AI score0.0127EPSS
CVE
CVE
added 2013/07/08 8:0 p.m.56 views

CVE-2013-3273

Vulnerability CVE-2013-3273 affects RSA Authentication Manager 8.0 prior to Patch 2 and 7.1 prior to Service Pack 4 Patch 26 (including Appliance 3.0). The issue is that when using the SDK to develop custom applications and with trace logging set to verbose, the administrative account password ca...

2.1CVSS6.1AI score0.00336EPSS
CVE
CVE
added 2012/07/13 9:0 p.m.55 views

CVE-2012-2280

The CVE-2012-2280 entry concerns a Cross frame scripting vulnerability in EMC RSA Authentication Manager 7.1 (before SP4 P14) and RSA SecurID Appliance 3.0 (before SP4 P14). The issue allows remote attackers to inject arbitrary web script/HTML via unspecified vectors due to improper frame handlin...

5CVSS6.4AI score0.01086EPSS
CVE
CVE
added 2012/07/13 9:0 p.m.54 views

CVE-2012-2278

CVE-2012-2278: XSS in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14, affecting the Self-Service Console and Security Console. Root cause: cross-site scripting via unspecified vectors, enabling remote script/HTML injection. Exploitation status not s...

4.3CVSS5.9AI score0.00977EPSS