CVE-2018-1254
https://notcve.org/view.php?id=CVE-2018-1254
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. RSA Authentication Manager Security Console en versiones 8.3 P1 y anteriores contiene una vulnerabilidad Cross-Site Scripting (XSS) reflejado. Un atacante remoto no autenticado podría explotar esta vulnerabilidad engañando a un administrador Security Console víctima para que proporcione código HTML o JavaScript malicioso a una aplicación web vulnerable, que se devuelve a la víctima y es ejecutado por el navegador web. • http://seclists.org/fulldisclosure/2018/Jun/39 http://www.securityfocus.com/bid/104534 http://www.securitytracker.com/id/1041134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-15546
https://notcve.org/view.php?id=CVE-2017-15546
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database. Security Console en EMC RSA Authentication Manager 8.2 SP1 P6 y anteriores está afectado por una vulnerabilidad de inyección SQL ciega. Usuarios autenticados maliciosos podrían explotar esta vulnerabilidad para leer cualquier dato sin cifrar de la base de datos. • http://seclists.org/fulldisclosure/2018/Jan/81 http://www.securityfocus.com/bid/102838 http://www.securitytracker.com/id/1040268 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-14379
https://notcve.org/view.php?id=CVE-2017-14379
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Las versiones anteriores a la 8.2 SP1 P6 de EMC RSA Authentication Manager contienen una vulnerabilidad de Cross-Site Scripting (XSS) que podría ser explotada por usuarios maliciosos con el fin de comprometer el sistema afectado. • http://seclists.org/fulldisclosure/2017/Nov/34 http://www.securityfocus.com/bid/101925 http://www.securitytracker.com/id/1039853 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-14373
https://notcve.org/view.php?id=CVE-2017-14373
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC RSA Authentication Manager 8.2 SP1 P4 y anteriores contiene una vulnerabilidad de Cross-Site Scripting (XSS) reflejado que podría ser explotada por usuarios maliciosos con el fin de comprometer el sistema afectado. • http://seclists.org/fulldisclosure/2017/Oct/62 http://www.securityfocus.com/bid/101605 http://www.securitytracker.com/id/1039680 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-8000
https://notcve.org/view.php?id=CVE-2017-8000
In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session. En RSA Authentication Manager versión 8.2 SP1 y anteriores de EMC, un Administrador de la Consola de Seguridad de RSA malicioso podría crear un perfil de token y almacenar el nombre del perfil en la base de datos de RSA Authentication Manager. El nombre del perfil podría incluir un script creado (con una carga de tipo XSS) que podría ser ejecutada al visualizar o editar el perfil del token asignado en el token por la sesión del navegador de otro administrador. • http://seclists.org/fulldisclosure/2017/Jul/25 http://www.securityfocus.com/bid/99572 http://www.securitytracker.com/id/1038878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •