CVE-2019-3711 – DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability
https://notcve.org/view.php?id=CVE-2019-3711
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks.
References: http://www.securityfocus.com/bid/107210 • https://seclists.org/fulldisclosure/2019/Mar/5
CVE-2018-11073 – DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-11073
RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
References: http://www.securityfocus.com/bid/105410 • http://www.securitytracker.com/id/1041697 • https://seclists.org/fulldisclosure/2018/Sep/39
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-11074 – DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-11074
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application.
References: http://www.securityfocus.com/bid/105410 • http://www.securitytracker.com/id/1041697 • https://seclists.org/fulldisclosure/2018/Sep/39
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-11075 – DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-11075
RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application.
References: http://www.securityfocus.com/bid/105410 • http://www.securitytracker.com/id/1041697 • https://seclists.org/fulldisclosure/2018/Sep/39
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1253 – Stored cross-site scripting vulnerability
https://notcve.org/view.php?id=CVE-2018-1253
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
References: http://seclists.org/fulldisclosure/2018/Jun/39 • http://www.securityfocus.com/bid/104534 • http://www.securitytracker.com/id/1041134
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')