List: full-disclosure
Subject: [FD] ESA-2017-152: RSA® Authentication Manager Software Sto
From: EMC Product Security Response Center <Security_Alert () emc ! com>
Date: 2017-11-20 14:50:25
Message-ID: 1BF8853173D9704A93EF882F85952A8936B8DC () MX304CL04 ! corp ! emc ! com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2017-152: RSA® Authentication Manager Software Stored Cross-Site Scripting Vulnerability
EMC Identifier: ESA-2017-152
CVE Identifier: CVE-2017-14379
Severity Rating: CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)
Affected Products:
RSA® Authentication Manager software version 8.2 SP1 P5 and earlier
Summary:
RSA Authentication Manager software version 8.2 SP1 P6 contains a fix for a cross-site
scripting vulnerability that could potentially be exploited by malicious users to compromise
the affected system.
Details:
The RSA Authentication Manager Security Console is affected by a stored cross-site scripting
vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML
or JavaScript code in the user’s browser session in the context of the RSA Authentication
Manager application.
Recommendation:
The following RSA Authentication Manager software release contains a resolution for this
vulnerability:
• RSA Authentication Manager software version 8.2 SP1 Patch 6 and later
For documentation, downloads, and more, visit the RSA SecurID Suite page on RSA Link.
Credit:
RSA would like to thank Nirmal Kirubakaran from eBay Penetration Testing for reporting this
vulnerability.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----