
List:       full-disclosure
Subject:    [FD] ESA-2017-134: RSA® Authentication Manager Security Upd
From:       EMC Product Security Response Center <Security_Alert () emc ! com>
Date:       2017-10-26 15:51:20
Message-ID: 1BF8853173D9704A93EF882F85952A893345E5 () MX304CL04 ! corp ! emc ! com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2017-134: RSA® Authentication Manager Security Update for Reflected Cross-Site Scripting Vulnerability

EMC Identifier:  ESA-2017-134

CVE Identifier:  CVE-2017-14373

Severity Rating: CVSSv3:  6.1  (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products:
RSA Authentication Manager 8.2 SP1 P4 and earlier 

Summary:
RSA Authentication Manager 8.2 SP1 Patch 5 contains a fix for a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Details:
The RSA Authentication Manager Security Console is affected by a reflected cross-site scripting vulnerability via an argument in the HTTP POST request. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user’s browser session in the context of the affected RSA Authentication Manager application.

Recommendation:
The following RSA Authentication Manager release contains a resolution for this vulnerability:
• RSA Authentication Manager 8.2 SP1 Patch 5 and later

RSA recommends all customers upgrade at the earliest opportunity. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----
