CVE-2020-5346: XSS
First published: Wed Apr 15 2020(Updated: )
RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC RSA Authentication Manager | <=8.3 | |
| EMC RSA Authentication Manager | =8.4 | |
| EMC RSA Authentication Manager | =8.4-p1 | |
| EMC RSA Authentication Manager | =8.4-p10 | |
| EMC RSA Authentication Manager | =8.4-p2 | |
| EMC RSA Authentication Manager | =8.4-p3 | |
| EMC RSA Authentication Manager | =8.4-p4 | |
| EMC RSA Authentication Manager | =8.4-p5 | |
| EMC RSA Authentication Manager | =8.4-p6 | |
| EMC RSA Authentication Manager | =8.4-p7 | |
| EMC RSA Authentication Manager | =8.4-p8 | |
| EMC RSA Authentication Manager | =8.4-p9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-5346?
CVE-2020-5346 is a stored cross-site scripting vulnerability in RSA Authentication Manager versions prior to 8.4 P11.
How does CVE-2020-5346 affect RSA Authentication Manager?
CVE-2020-5346 affects RSA Authentication Manager versions prior to 8.4 P11.
What is the severity of CVE-2020-5346?
CVE-2020-5346 has a severity rating of 4.8 (medium).
How can a malicious RSA Authentication Manager Security Console administrator exploit CVE-2020-5346?
A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit CVE-2020-5346 to store arbitrary HTML or JavaScript code.
Is there a fix for CVE-2020-5346?
The fix for CVE-2020-5346 is to upgrade RSA Authentication Manager to version 8.4 P11 or later.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/emc
- canonical/emc rsa authentication manager
- version/emc rsa authentication manager/8.3
- version/emc rsa authentication manager/8.4
- version/emc rsa authentication manager/8.4-p1
- version/emc rsa authentication manager/8.4-p10
- version/emc rsa authentication manager/8.4-p2
- version/emc rsa authentication manager/8.4-p3
- version/emc rsa authentication manager/8.4-p4
- version/emc rsa authentication manager/8.4-p5
- version/emc rsa authentication manager/8.4-p6
- version/emc rsa authentication manager/8.4-p7
- version/emc rsa authentication manager/8.4-p8
- version/emc rsa authentication manager/8.4-p9