CVE-2018-11074

DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities

CVSS 6.1 MEDIUM | EPSS 2.0%
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1 | EPSS 2.0% | KEV: no | PoC | Nuclei | Metasploit | Patch
Lifecycle
28 Sep 2018: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
