CVE-2018-11073: XSS
First published: Fri Sep 28 2018(Updated: )
RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC RSA Authentication Manager | =8.3-p1 | |
| EMC RSA Authentication Manager | =8.3-p2 | |
| RSA Authentication Manager | <=8.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-11073?
CVE-2018-11073 is a vulnerability in RSA Authentication Manager versions prior to 8.3 P3 that allows a stored cross-site scripting attack.
What is the severity of CVE-2018-11073?
CVE-2018-11073 has a severity value of 4.8, which is considered medium.
How does CVE-2018-11073 work?
CVE-2018-11073 allows a malicious Operations Console administrator to store arbitrary HTML or JavaScript code through the web interface, leading to cross-site scripting attacks.
Which software versions are affected by CVE-2018-11073?
RSA Authentication Manager versions prior to 8.3 P3 are affected by CVE-2018-11073.
How can I mitigate the CVE-2018-11073 vulnerability?
To mitigate CVE-2018-11073, it is recommended to upgrade to RSA Authentication Manager version 8.3 P3 or later.
- collector/nvd-index
- vendor/emc
- canonical/emc rsa authentication manager
- version/emc rsa authentication manager/8.3-p1
- version/emc rsa authentication manager/8.3-p2
- vendor/rsa
- canonical/rsa authentication manager
- version/rsa authentication manager/8.3