First published: Thu Jun 21 2018
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
EMC RSA Authentication Manager | <=7.0 | |
EMC RSA Authentication Manager | =7.1 | |
EMC RSA Authentication Manager | =7.1-sp2 | |
EMC RSA Authentication Manager | =7.1-sp3 | |
EMC RSA Authentication Manager | =7.1-sp4 | |
EMC RSA Authentication Manager | =8.0 | |
EMC RSA Authentication Manager | =8.0-p1 | |
EMC RSA Authentication Manager | =8.1 | |
EMC RSA Authentication Manager | =8.1-sp1 | |
EMC RSA Authentication Manager | =8.2 | |
EMC RSA Authentication Manager | =8.2-sp1 | |
EMC RSA Authentication Manager | =8.3 | |
EMC RSA Authentication Manager | =8.3-p1 | |
The vulnerability ID is CVE-2018-1253.
The severity of CVE-2018-1253 is medium (6.1).
RSA Authentication Manager Operation Console versions 8.3 P1 and earlier are affected by CVE-2018-1253.
References for CVE-2018-1253: [Link 1](http://seclists.org/fulldisclosure/2018/Jun/39), [Link 2](http://www.securityfocus.com/bid/104534), [Link 3](http://www.securitytracker.com/id/1041134).