CVE-2017-14379
https://notcve.org/view.php?id=CVE-2017-14379
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. • http://seclists.org/fulldisclosure/2017/Nov/34 http://www.securityfocus.com/bid/101925 http://www.securitytracker.com/id/1039853 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-14373
https://notcve.org/view.php?id=CVE-2017-14373
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. • http://seclists.org/fulldisclosure/2017/Oct/62 http://www.securityfocus.com/bid/101605 http://www.securitytracker.com/id/1039680 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8000
https://notcve.org/view.php?id=CVE-2017-8000
In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed in another administrator's browser session when viewing or editing the assigned token profile in the token. • http://seclists.org/fulldisclosure/2017/Jul/25 http://www.securityfocus.com/bid/99572 http://www.securitytracker.com/id/1038878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8006
https://notcve.org/view.php?id=CVE-2017-8006
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN to affect the victim's ability to obtain access to protected resources. • http://seclists.org/fulldisclosure/2017/Jul/23 http://www.securityfocus.com/bid/99554 http://www.securitytracker.com/id/1038879 • CWE-287: Improper Authentication
CVE-2016-0900
https://notcve.org/view.php?id=CVE-2016-0900
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. • http://packetstormsecurity.com/files/136994/RSA-Authentication-Manager-XSS-HTTP-Response-Splitting.html http://seclists.org/bugtraq/2016/May/23 http://www.securitytracker.com/id/1035755 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')