CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0925
https://notcve.org/view.php?id=CVE-2016-0925
Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la aplicación Case Management en EMC RSA Adaptive Authentication (On-Premise) en versiones anteriores a 6.0.2.1.SP3.P4 HF210, 7.0.x y 7.1.x en versiones anteriores a 7.1.0.0.SP0.P6 HF50 y 7.2.x en versiones anteriores a 7.2.0.0.SP0.P0 HF20 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://seclists.org/bugtraq/2016/Sep/33 http://www.securityfocus.com/bid/93025 http://www.securitytracker.com/id/1036851 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4631
https://notcve.org/view.php?id=CVE-2014-4631
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. RSA Adaptive Authentication (On-Premise) 6.0.2.1 hasta 7.1 P3, cuando utiliza la vinculación de dispositivos en una llamada Challenge SOAP o utiliza adaptadores de la integración de autenticación adaptiva RSA con la funcionalidad Out-of-Band Phone (Authentify), realiza la vinculación de dispositivos permanente incluso cuando falla la autenticación, lo que permite a atacantes remotos evadir la autenticación. • http://www.securityfocus.com/archive/1/534136/100/0/threaded http://www.securityfocus.com/bid/71423 http://www.securitytracker.com/id/1031297 https://exchange.xforce.ibmcloud.com/vulnerabilities/99086 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-0638
https://notcve.org/view.php?id=CVE-2014-0638
Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue. Vulnerabilidad de XSS en RSA Adaptive Authentication (On-Premise) 6.x y 7.x anterior a 7.1 SP0 P2 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores involucrando elementos FRAME, relacionado con un problema de "cross-frame scripting". • http://archives.neohapsis.com/archives/bugtraq/2014-04/0007.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-0637
https://notcve.org/view.php?id=CVE-2014-0637
Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la aplicación back-office case-management en RSA Adaptive Authentication (On-Premise) 6.x y 7.x anterior a 7.1 SP0 P2 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0007.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2012-4611
https://notcve.org/view.php?id=CVE-2012-4611
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en EMC RSA Adaptive Authentication On-Premise (AAOP) antes de v7.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2012-11/0096.html http://osvdb.org/87876 http://packetstormsecurity.com/files/118381/RSA-Adaptive-Authentication-On-Premise-6.x-XSS.html http://secunia.com/advisories/51394 http://www.securityfocus.com/bid/56699 http://www.securitytracker.com/id?1027811 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •