CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-1252 – RSA Web Threat Detection SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-1252
01 Jun 2018 — RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool's monitoring and user information by supplying specially crafted input data to the affected application. RSA Web Threat Detection en versiones anteriores a la 6.4 contiene una vulnerabilida... • http://seclists.org/fulldisclosure/2018/Jun/4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0919 – RSA Web Threat Detection 5.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-0919
28 Jan 2017 — EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC RSA Web Threat Detection versión 5.0, RSA Web Threat Detection versión 5.1, RSA Web Threat Detection versión 5.1.2 tiene una vulnerabilidad de XSS que podría ser explotada potencialmente por usuarios malintencionados para comprometer el sistema afectado. RSA... • http://www.securityfocus.com/archive/1/540057/30/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •