CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-1252 – RSA Web Threat Detection SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-1252
01 Jun 2018 — RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool's monitoring and user information by supplying specially crafted input data to the affected application. RSA Web Threat Detection en versiones anteriores a la 6.4 contiene una vulnerabilida... • http://seclists.org/fulldisclosure/2018/Jun/4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.1EPSS: 35%CPEs: 1EXPL: 2CVE-2018-1247 – RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1247
04 May 2018 — RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application. RSA Authentication Manager Security Console en versiones 8.3 y anteriores contiene una vulnerabilidad XEE (XML External Entity). Esto podría permitir que los usuarios administradores provoquen una denegación de s... • https://packetstorm.news/files/id/147666 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1248 – RSA Authentication Manager XXE Injection / Header Injection
https://notcve.org/view.php?id=CVE-2018-1248
04 May 2018 — RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains. RSA Authentication Manager Security Console, Operation Console y Self-Service Console, en versiones 8.3 y anteriores, se ve afectado por una vulnerabilidad de inyección de cabeceras del host. Esto podría permitir que u... • http://seclists.org/fulldisclosure/2018/May/18 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2018-1232 – RSA Authentication Agent for Web XSS / Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-1232
28 Mar 2018 — RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation. RSA Authentication Agent en versiones 8.0.1 y anteriores para Web para IIS y Apache Web Server se ve afectado por un desbordamiento de búfer basado en pila que pued... • http://seclists.org/fulldisclosure/2018/Mar/60 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1233 – RSA Authentication Agent for Web XSS / Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-1233
28 Mar 2018 — RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website. RSA Authentication Agent en versiones 8.0.1 y anteriores para Web para IIS y Apache Web Server se ve afectado por una vulnerabilidad Cross-Site Scripting (XSS). Los atacantes podrían explota... • http://seclists.org/fulldisclosure/2018/Mar/60 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1234 – RSA Authentication Agent for Web XSS / Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-1234
28 Mar 2018 — RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent. RSA Authentication Agent en versiones 8.0.1 y anteriores para Web para IIS se ve afectado por un problema en el que los permisos de la lista de control ... • http://seclists.org/fulldisclosure/2018/Mar/60 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1182 – RSA Identity Governance and Lifecycle Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-1182
06 Mar 2018 — An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root leve... • http://seclists.org/fulldisclosure/2018/Mar/16 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2017-14377 – RSA Authentication Agent for Web Authentication Bypass
https://notcve.org/view.php?id=CVE-2017-14377
27 Nov 2017 — EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass. RSA Authentication Agent for Web: Apache Web Server en su versión 8.0 y RSA Authentication Agent for Web: Apache Web Server en su versión 8.0.1 anterior a la Build 618 de EMC tienen una vulnerabilidad de seguridad que podría conducir a una omisión de autenticación. A sec... • http://seclists.org/fulldisclosure/2017/Nov/46 • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14370
https://notcve.org/view.php?id=CVE-2017-14370
11 Oct 2017 — RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. La plataforma RSA Archer GRC en versiones anteriores a la 6.2.0.5 se ve afectada por un Cross-Site Scripting (XSS) persistente mediante el campo Source Asset ID. Un atacante autenticado podría explotarlo para ejecutar HTML arbitrar... • http://seclists.org/fulldisclosure/2017/Oct/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14369 – RSA Archer GRC 6.2.0.5 XSS / File Upload / Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-14369
06 Oct 2017 — RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records. La plataforma RSA Archer GRC en versiones anteriores a la 6.2.0.5 se ve afectada por una vulnerabilidad de escalado de privilegios. Un usuario de RSA Archer con un bajo nivel de privilegios podría explotar esta vulnerabilidad para elevar sus privilegios y exportar los regis... • http://seclists.org/fulldisclosure/2017/Oct/12 •